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Abstract 

We  consider  a  characterization  of  a  real-time  system  consisting  as  a  set  of  sporadic  tasks 
that  share  a  set  of  serially  reusable,  single  unit  resources.  Sporadic  tasks  are  a 
generalization  of  periodic  tasks  and  are  well-suited  for  representing  event  driven  processes. 
Resources  are  shared  software  objects,  such  as  data  structures.  Tasks  are  composed  of  a 
sequence  of  phases.  Each  phase  is  a  contiguous  sequence  of  statements  that  require 
exclusive  access  to  a  resource.  For  an  arbitrary  instance  of  the  model  the  goal  is  to 
determine  if  it  is  possible  to  schedule  the  tasks  on  a  single  processor  such  that: 

•  each  invocation  of  each  task  completes  execution  at  or  before  a  well- 
defined  deadline,  and 

•  a  resource  is  never  accessed  by  more  than  one  task  simultaneously. 

Our  work  makes  two  contributions  to  the  theory  of  real-time  scheduling  and  resource 
allocation.  The  first  is  the  development  of  an  on-line  algorithm  for  sequencing  a  set  of 
sporadic  tasks  on  a  uniprocessor  such  that  the  above  criteria  are  met.  The  algorithm  results 
from  the  integration  of  a  synchronization  scheme  for  access  to  shared  resources  with  the 
earliest  deadline  first  {EDF)  algorithm  of  Liu  and  Layland.  The  result  is  deadline  based 
scheduling  algorithm  in  which  phases  of  tasks  that  require  exclusive  access  to  resources 
have  two  types  of  deadlines:  a  contending  deadline  for  the  initial  acquisition  of  the 
processor,  and  an  execution  deadline  for  subsequent  execution.  The  algorithm  is  optimal 
with  respect  to  the  class  of  scheduling  policies  that  do  not  use  inserted  idle  time.  The 
algorithm  is  optimal  in  the  sense  that  it  can  schedule  a  set  of  tasks,  without  inserted  idle 
time,  whenever  it  will  be  possible  to  do  so.  Tne  second  contribution  is  a  derivation  of  a  set 
of  relations  on  task  parameters  that  are  necessary  and  sufficient  for  a  set  of  tasks  to  be 
schedulable.  With  these  conditions  one  can  efficiently  decide  whether  it  will  be  possible  to 
schedule  a  set  of  tasks  without  executing  or  simulating  the  execution  of  the  tasks.  Our 
model  for  the  analysis  of  processor  scheduling  policies  is  novel  in  that  it  incorporates 
minimum  as  weU  as  maximum  processing  time  requirements  of  tasks. 


Index  Terms:  Analysis  of  algorithms,  theory  of  deterministic  processor  and  resource 
allocation,  operating  systems,  real-time  systems,  scheduling  theory. 
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1 .  Introduction 


Real-time  computer  systems  are  loosely  defined  as  the  class  of  computer  systems  that  must 
perform  computations  and  I/O  operations  in  a  time  frame  defined  by  processes  in  the 
environment  external  to  the  computer.  Real-time  systems  differ  from  more  traditional 
multiprogrammed  systems  in  that  real-time  systems  have  a  dual  notion  of  correctness.  In 
addition  to  being  logically  correct,  i.e.,  producing  the  correct  outputs,  real-time  systems 
must  also  be  temporally  correct,  i.e.,  produce  the  correct  output  at  the  correct  time.  In  this 
paper  we  examine  a  processor  and  resource  allocation  problem  for  hard-real-time  systems. 
Hard-real-time  systems  are  real-time  systems  that  require  deterministic  guarantees  of 
temporal  correctness.  These  are  systems  in  which  the  cost  of  failing  to  be  temporally 
correct  is  high.  This  high  cost  can  be  measured  in  monetary  terms  {e.g.,  an  inefficient  use 
of  raw  materials  in  a  process  control  system),  aesthetic  terms  {e.g.,  unrealistic  output  from 
a  computer  music  or  computer  animation  system),  or  possibly  in  human  or  environmental 
terms  {e.g.,  an  accident  due  to  untimely  control  in  a  nuclear  power  plant  or  fly-by-wire 
avionics  system). 


Hard-real-time  systems  are  commonly  structured  as  a  set  of  tasks  that  are  invoked 
repetitively.  Two  frequently  studied  classes  of  repetitive  tasks  are  periodic  tasks,  i.e., 
tasks  that  are  invoked  at  constant  intervals,  and  sporadic  tasks,  i.e.,  tasks  that  are  invoked 
at  random  but  with  a  minimum  inter-invocation  interval  [Mok  83].  In  both  cases,  each 
invocation  of  a  task  must  complete  execution  before  a  well-defined  deadline.  Our 
contribution  to  the  study  of  repetitive,  real-time  workloads  is  the  consideration  of  tasks  that 
share  a  set  of  serially  reusable  resources.  Our  notion  of  a  resource  is  a  software  object. 
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e.g.,  a  data  structure,  that  is  shared  among  a  group  of  tasks  and  must  be  accessed  in  a 
mutually  exclusive  manner.  Operations  on  a  shared  resource  therefore  constitute  a  critical 
section.  For  example,  within  the  context  of  a  concurrent  programming  language  in  which 
shared  data  is  encapsulated  within  a  monitor  [Hoare  74],  a  resource  would  be  an  individual 
monitor.  We  consider  a  characterization  of  a  hard-real- time  system  as  a  set  of  sporadic 
tasks  that  share  a  set  of  serially  reusable  software  resources.  An  invocation  of  a  task  will 
require  exclusive  access  to  a  set  of  software  resources.  This  paper  examines  the  problem 
of  scheduling  sporadic  tasks  that  share  a  set  of  software  resources.  The  problem  is  to 
sequence  a  set  of  sporadic  tasks  on  a  uniprocessor  such  that  in  all  cases  —  and  in  particular 
in  the  worst  case  —  it  is  guaranteed  that: 

•  each  invocation  of  each  task  completes  execution  at  or  before  its  deadline, 
and 

*  a  resource  is  never  accessed  by  more  than  one  task  simultaneously. 

Our  work  makes  two  contributions  to  the  theory  of  real-time  scheduling  and  resource 
allocation.  The  first  is  the  development  of  an  on-line  algorithm  for  sequencing  a  set  of 
sporadic  tasks  on  a  uniprocessor  such  that  the  above  criteria  are  met.  The  algorithm  results 
from  the  integration  of  a  synchronization  scheme  for  access  to  shared  resources  with  the 
earliest  deadline  first  (EDF)  algorithm  of  Liu  and  Layland;  a  preemptive,  priority-driven 
scheduling  algorithm  with  dynamic  priority  assignment  [Liu  &  Layland  73].  The  algorithm 
is  optimal  with  respect  to  the  class  of  scheduling  policies  that  do  not  use  inserted  idle  time.' 
The  algorithm  is  optimal  in  the  sense  that  it  can  schedule  a  set  of  tasks,  without  inserted  idle 
time,  whenever  it  will  be  possible  to  do  so.  The  second  contribution  is  a  derivation  of  a  set 
of  relations  on  task  parameters  that  are  necessary  and  sufficient  for  a  set  of  tasks  to  be 
schedulable.  With  these  conditions  one  can  efficiently  decide  whether  it  will  be  possible  to 
schedule  a  set  of  tasks  without  executing  or  simulating  the  execution  of  the  tasks.  Our 
model  for  the  analysis  of  processor  scheduling  policies  is  novel  in  that  it  incorporates 
minimum  as  well  as  maximum  processing  time  requirements  of  tasks.  This  work  is  part  of 
a  larger  design  system  for  hard-real-time  systems  [Jeffay  89a]. 2 


‘  If  tasks  are  scheduled  by  a  discipline  that  allows  itself  to  idle  the  processor  when  there  e.\ists  a  task  with 
an  outstanding  request  for  execution,  then  that  discipline  is  said  to  use  inserted  idle  time  [Conway  et  al.  67], 

-  For  the  remainder  of  this  paper,  we  will  use  the  terms  real-time  and  hard-real-time  interchangeably  where 
it  causes  no  confusion. 
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Several  approaches  to  scheduling  real-time  tasks  that  share  resources  have  been  described 
in  the  literature  [Leinbaugh  80,  Mok  83,  Mok  et  al.  87,  Zhao  et  al.  87a, b,  Jeffay  89b,  Sha 
et  al.  90,  Chen  &  Lin  90].  Most  consider  the  case  where  tasks  are  periodic  and  develop 
heuristic  algorithms  for  scheduling  the  tasks.  When  tasks  are  periodic,  Mok  has  shown 
that  the  problem  of  deciding  whether  or  not  it  is  possible  to  execute  a  set  of  tasks  that  use 
semaphores  to  enforce  mutual  exclusion  is  NP-hard  [Mok  83].  In  [Jeffay  et  al.  90]  the 
more  general  problem  of  deciding  whether  or  not  it  is  possible  to  schedule  a  set  of  periodic 
tasks  in  a  non-preemptive  manner  was  also  shown  to  be  NP-hard  in  the  strong  sense. 
Moreover,  it  was  shown  that  if  an  optimal  non-preemptive  scheduling  algorithm  exists  for 
periodic  tasks,  then  P  =  NP.  If  the  times  of  all  task  invocations  are  known  in  advance,  one 
can  compute  a  schedule  off-line  and  then  apply  the  schedule  at  run-time  [Xu  &  Pamas  90]. 

The  following  section  presents  our  model  of  a  real-time  system  in  greater  detail  and  defines 
the  objective  of  our  study.  Section  3  examines  the  problem  of  scheduling  tasks  that  use 
only  a  single  resource.  An  optimal  algorithm  is  developed  for  this  special  case.  Section  4 
generalizes  this  algorithm  for  tasks  that  share  a  set  of  resources.  Section  5  discusses  our 
results  and  revisits  the  assumptions  and  restrictions  in  our  model. 

2.  System  Model 

We  define  a  hard-real-time  system  as  a  set  of  sporadic  tasks  that  share  a  set  of  serially 
reusable,  single  unit  software  resources.  A  sporadic  task  is  a  sequential  program  that  is 
invoked  in  response  to  the  occurrence  of  an  event.  An  event  is  a  stimulus  that  may  he 
generated  by  processes  external  to  the  system  {e.g.,  an  interrupt  from  a  device)  or  by- 
processes  internal  to  the  system  (e.g.,  the  arrival  of  a  message).  We  assume  events  are 
generated  repeatedly  with  a  (non-zero)  lower  bound  on  the  duration  between  consecutive 
occurrences  of  the  same  event.  Therefore,  each  sporadic  task  will  be  in'  oked  repeatedly 
with  a  lower  bound  on  the  interval  between  consecutive  invocations.  Once  invoked  a  task 
will  execute  to  completion.  Sporadic  tasks  are  well-suited  for  implementing  computational 
processes  that  are  required  to  execute  periodically  (with  a  constant  interval  between 
activations)  or  in  response  to  recurring  asynchronous  events.  During  the  course  of 
execution,  a  task  may  perform  operations  on  shared  data  resources.  Resources  are  serially 
reusable  and  must  be  accessed  in  a  mutually  exclusive  manner.  This  model  of  software 
resources  is  motivated  by  the  use  of  monitors  for  regulating  access  to  shared  data  in 
process  oriented  concurrent  programming  languages  such  as  Modula.  Mesa,  or  Real-Time 
Euclid  [Wirth  77,  Lampson  &  Redell  80,  Kitgerman  &  Stoyenko  86]. 
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Formally,  we  consider  a  real-time  system  that  consists  of  a  set  of  n  sporadic  tasks  {Tj,  T2, 
Tn)  and  a  set  of  m  serially  reusable,  single  unit  resources  {/?/,  /?2,  Rm)-  A  task  is 
described  by  a  3-tuple 


Ti  =  (5,.  {(C,;,  Cij,  nj)  \  \  <j  <ni}.  Pi) 


where: 

Si  —  the  release  time  of  task  7;:  the  time  of  the  first  invocation  of  task  7,, 

{  (Cy,  Cy,  Ty)  }  —  a  sct  of  rt,'  phoscs  where  for  each  phase: 

Cij  —  the  minimum  computational  cost:  the  minimum  amount  of 
processor  time  required  to  execute  the  phase  of  task  7j  to 
completion  on  a  dedicated  uniprocessor, 

Cy  —  the  maximum  computational  cost:  the  maximum  amount  of 
processor  time  required  to  execute  the  phase  of  task  7,  to 
completion  on  a  dedicated  uniprocessor, 

Ty  —  the  resource  requirement:  the  resource  (if  any)  that  is  required 
during  the  phase  of  task  Ti,  and 

Pi  —  the  period  of  the  task:  the  minimum  time  interval  between  invocations  of 
task  7i. 

Each  task  7/  is  panitioned  into  a  sequence  of  n,-  disjoint  phases.  A  phase  is  a  contiguous 
sequence  of  statements  that  together  require  exclusive  access  to  a  resource.  A  task  may 
have  multiple  phases  that  require  the  same  resource.  The  resource  required  by  task  7, 
during  the  phase  of  its  computation  is  represented  by  an  integer  ry,  0  <  ry  <  m.  If 
Ty  =  k,  k^O,  then  the phase  of  Ti's  computation  requires  exclusive  access  to  resource 
Rk-  For  a  given  invocation  of  task  Ti,  in  the  interval  between  the  time  phase  j  commences 
execution  and  the  time  it  completes  execution,  no  other  phase  of  a  task  that  requires 
resource  R/c  may  execute.  If  Ty  =  0,  then  the  phase  of  task  7,’s  computation  requires  no 
resources.  In  this  case  the  phase  of  task  Ti  imposes  no  mutual  exclusion  constraints  on 
the  execution  of  other  tasks.  Within  the  context  of  a  concurrent  programming  language 
with  monitors,  if  ry  ^  0,  then  the  j‘^  phase  of  task  7,-  would  consist  of  a  call  to  an  entry 
procedure  of  a  monitor  that  encapsulates  resource  ry.  If  ry  =  0,  then  the  phase  of  task  7, 
would  consist  of  either  code  in  the  main  body  of  the  task  or  reentrant  procedure  code  called 
by  the  main  body  of  the  task.  Note  that  since  different  tasks  may  perform  different 
operations  on  a  resource  (e.g.,  call  different  monitor  entry  procedures),  it  is  reasonable  to 
assume  that  phases  of  tasks  that  access  the  same  resource  have  varying  computational 
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costs.  A  fundamental  restriction  is  that  each  phase  of  each  task  will  require  access  to  at 
most  one  resource  at  a  time.  Other  paradigms  of  resource  usage  and  task  decomposition 
will  be  discussed  briefly  in  Section  5. 

Throughout  this  paper  we  assume  a  discrete  time  model.  In  this  domain  all  task  parameters 
as  well  as  all  values  of  time  are  expressed  as  integer  multiples  of  some  indivisible  time  unit. 
Without  loss  of  generality,  assume  these  quantities  are  integers.  Moreover,  we  assume 
throughout  that  tasks  are  soned  in  non-decreasing  order  by  period.  For  any  pair  of  tasks  7, 

and  Tj,  if  i  >  J,  then  pi  >  pj.  The  index  of  a  task  refers  to  its  position  in  this  sorted  list. 

» 

The  behavior  of  a  sporadic  task  Ti  is  given  by  the  following  mles.  Let  be  the  time  of  the 
invocation  of  task  7,. 

i)  The  initial  invocation  of  task  Ti  occurs  at  time  t;  =  5,. 

ii)  If  task  Ti  has  period  pi,  then  for  all  k>  the  {k+\y‘  invocation  of  7, 
occurs  at  time  >  tk+  Pi^  Si  +  kpi. 

Hi)  Each  invocation  of  task  7j  consists  of  the  execution  of  n,  phases  in 
sequence.  The  execution  of  an  invocation  of  7,  commences  in  phase  1. 

The/^  phase  of  each  execution  of  7/  does  not  commence  until  the  (j  -  !)■'' 
phase  has  terminated. 

jv)  Execution  of  the  phase  of  task  7,-  requires  at  least  Cy  units  of  processor 
time  and  at  most  Cy  units  of  processor  time,  Cy  >  Cy  >  0. 

v)  The  invocation  of  Ti  must  be  completed  no  later  than  time  +  p,.  This 
time  is  commonly  referred  to  as  the  deadline  of  the  k^^  invocation  of  task 

r,. 

If  a  phase  of  a  task  requires  a  resource  then  the  computational  cost  of  the  phase  represents 
only  the  cost  of  using  the  required  resource  and  not  the  cost  (if  any)  of  acquiring  or 
releasing  the  resource.  A  minimum  cost  of  zero  indicates  that  a  phase  of  a  task  is  possibly 
optional.  (For  example,  the  execution  of  a  phase  of  a  task  may  be  dependent  on  the 
outcome  of  the  evaluation  of  a  boolean  expression.) 

The  “period”  of  a  sporadic  task  is  simply  the  minimum  time  between  any  two  successive 
invocations  of  the  task.  In  general  an  arbitrary  amount  of  time  may  lapse  between 
successive  invocations  of  a  task.  A  sporadic  task  is  a  generalization  of  the  more  commonly 
studied  periodic  task  [Liu  &  Layland  73].  We  assume  sporadic  tasks  are  independent  in  the 
sense  that  the  time  of  a  task’s  invocation  is  dependent  only  upon  the  time  of  its  last 
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invocation  and  not  upon  those  of  any  other  task.  Once  released,  a  sporadic  task  will  be 
invoked  an  unbounded  number  of  times. 

If  the  invocation  of  task  Ti  occurs  at  time  r,  then  the  closed  interval  [:,  i+pi]  is  called  the 
k‘^  invocation  interval,  or  simply  an  invocation  interval,  of  task  T,.  If  task  7,  is  invoked  at 
time  t  and  does  not  complete  execution  at  or  before  time  t  +  pi,  then  we  say  that  7,  has 
failed.  A  set  of  sporadic  tasks  t  is  said  to  be  feasible  on  a  uniprocessor  if  it  is  possible  to 
schedule  r  on  a  uniprocessor  such  that: 

•  no  task  fail?,  i.e.,  every  invocation  of  every  task  completes  execution  at  or 
before  the  end  of  its  invocation  interval,  and 

•  for  each  task  7„  and  for  all  phases  j,  1  ^  ni,  if  ^  0,  then  the  phase 

of  each  invocation  of  7,  has  exclusive  access  to  the  resource  from  the 
time  the  phase  commences  execution  until  the  phase  terminates  execution. 

A  scheduling  algorithm  succeeds  in  scheduling  a  set  of  tasks  if  it  can  sequence  the  tasks 
such  that  both  criteria  above  will  be  met.  A  scheduling  algorithm  is  said  to  be  optimal  for  a 
uniprocessor  if  it  can  succeed  for  any  task  set  that  is  feasible  on  a  uniprocessor.  Our  goal 
is  to  develop  an  algorithm  that  can  sequence  all  feasible  sets  of  tasks  on  a  uniprocessor. 

The  characteristics  of  our  real-time  workload  model  motivate  the  consideration  of  on-line 
scheduling  algorithms  for  sequencing  the  tasks.  This  is  because  it  will  not  be  possible  to 
generate  a  schedule  off-line  if  all  invocation  times  of  tasks  are  unknown.  Given  the 
possibly  non-deterministic  manner  in  which  a  sporadic  task  may  be  invoked,  it  is  possible 
for  this  to  be  the  case.  In  developing  a  scheduling  algorithm,  we  assume  that  in  principle 
tasks  are  preemptable  at  arbitrary  points.  However,  the  requirement  of  exclusive  access  to 
resources  places  two  restrictions  on  the  preemption  and  execution  of  tasks.  For  all  tasks  i 
and  k,  if  rij  =  r^i  and  r,y,  r^  *  0,  then  (1)  the  phase  of  task  Ti  may  neither  preempt  the  F* 
phase  of  task  7*,  nor  (2)  execute  while  the  /'*  phase  of  task  7^  is  preempted. 

Lastly,  in  the  following  sections  it  will  be  useful  to  distinguish  between  tasks,  and  phases 
of  tasks,  that  share  resources  with  other  tasks  and  those  that  do  not.  If  a  task  (phase)  never 
requires  a  resource  then  that  task  (phase)  is  called  a  non-resource  requesting  task  (phase). 
If  a  task  (phase)  ever  requires  a  resource  it  is  called  a  resource  requesting  task  (phase). 
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3.  Single  Phase  Task  Systems 

We  first  consider  the  problem  of  scheduling  sporadic  tasks  that  consist  of  only  a  single 
phase.  As  will  be  shown  in  Section  4,  the  general  problem  of  scheduling  tasks  with 
multiple  phases  can  largely  be  reduced  to  the  problem  of  scheduling  tasks  with  only  a 
single  phase. 

The  following  sub- section  establishes  conditions  that  are  necessary  for  a  set  of  single  phase 
sporadic  tasks  to  be  feasible  in  the  absence  of  inserted  idle  time.  (In  Section  5  we  will 
briefly  comment  on  the  problem  of  scheduling  sporadic  tasks  with  inserted  idle  time.) 
Section  3.2  then  develops  an  algorithm  for  scheduling  such  tasks  and  demonstrates  its 
optimality. 

3.1  Feasibility  Conditions  for  Single  Phase  Task  Systems 

Consider  a  set  of  single  phase  sporadic  tasks  (7/,  T2, ...,  7„},  where  7,  =  (ci,  C^,  rj, 
that  share  a  set  of  m  serially  reusable,  single  unit  resources  {Rj,  R2,  ■■■,  Rm)-  It  will 
be  useful  to  refer  to  the  period  of  the  “shortest”  task  that  uses  resource  /?,.  For  resource 
Ri,  let  Pi  represent  this  period.  That  is, 

Fi  =  MIN(pylr,  =  0. 

JSj<n 

We  first  demonstrate  that  the  feasibility  of  a  set  of  sporadic  tasks  is  not  a  function  of  their 
release  times.  The  following  Lemma  demonstrates  that  if  a  set  of  tasks  is  feasible,  then  the 
tasks  will  be  feasible  for  any  combination  of  release  times. 

Lemma  3.1:  Let  r  be  a  set  of  sporadic  tasks.  If  ris  feasible  then  the  set  of  sporadic  tasks 
f  obtained  from  r  by  replacing  the  release  times  of  tasks  with  arbitrary  values  will  also  be 
feasible. 

Proof:  By  the  definition  of  a  sporadic  task,  an  arbitrary  amount  of  time  may  elapse 
between  the  end  of  one  invocation  and  the  start  of  the  next.  Therefore,  after  all  tasks  in  : 
have  been  released,  there  can  exist  a  time  (  such  that  a  task,  or  group  of  tasks,  in  z  are 
invoked  at  time  t,  and  such  that  all  task  invocations  that  occur  prior  to  time  t  with  deadlines 


-  Since  ta.sks  consist  of  only  a  single  phase,  the  second  subscript  on  the  parameters  C.  c.  and  r  will  be 
omitted. 
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after  t,  have  completed  execution  at  or  before  time  t.  That  is,  if  the  task  invocation(s) 
occurring  at  time  t  did  not  exist  then  the  processor  would  have  been  idle  for  some  non-zero 
length  interval  starting  at  t.  At  time  t,  r  is  effectively  “staning  over”  with  a  set  of  “release 
times”  that  are  unrelated  to  the  initial  release  times.  Therefore,  if  r  is  feasible  then  any  set 
of  tasks  derived  from  r  by  replacing  the  release  times  with  arbitrary  values  must  also  be 
feasible.  C 


The  following  theorem  establishes  necessary  conditions  for  a  set  of  single  phase  tasks  to  be 
feasible. 


Theorem  3.2:  Let  r  be  a  set  of  single  phase  sporadic  tasks  {Tj,  T2, ...,  r„},  sorted  in 
non-decreasing  order  by  period,  that  share  a  set  of  m  serially  reusable,  single  unit 
resources  R],  R2,  ..■,Rm-  If  ^  can  be  scheduled  on  a  uniprocessor  without  inserted  idle 
time,  then: 


1=1 


2)  Vi,  1  <i<n  and  r;  ^  0;  VL,  Pr^<L<  pi'. 

Vli^ic, 


L  >  C,  + 


-i 


Informally,  condition  (1)  can  be  thought  of  as  a  requirement  that  the  processor  not  be 
overloaded.  If  a  task  T  has  maximum  cost  C  and  period  p,  then  CIp  is  the  least  upper 
bound  on  the  fraction  of  processor  time  consumed  by  T  over  the  lifetime  of  the  system 
{i.e.,  the  worst  case  utilization  of  the  processor  by  T).  The  first  condition  simply  stipulates 
that  the  cumulative  processor  utilization  cannot  exceed  unity.  The  right  hand  side  of  the 
inequality  in  condition  (2)  is  a  least  upper  bound  on  the  processor  demand  that  can  be 
realized  in  an  interval  of  length  L  starting  at  the  time  an  invocation  of  a  resource  requesting 
task  r,  is  scheduled,  and  ending  sometime  before  the  end  of  the  invocation  interval.  This 
interval  is  illustrated  in  Figure  3.1.  Figure  3.1  shows  an  invocation  interval  of  task  7,. 
Task  r,  is  invoked  at  time  t  and  is  scheduled  at  time  r'.  The  striped  rectangle  in  the 
invocation  interval  represents  the  execution  of  task  T,-.  This  invocation  must  complete 
execution  at  or  before  time  i  +  pi. 

For  a  set  of  tasks  to  be  feasible,  the  processor  demand  in  this  interval  must  always  be  less 
than  or  equal  to  the  length  of  the  interval.  If  this  is  not  the  case  then  a  task  can  fail. 
Although  condition  (2)  is  semantically  similar  to  the  requirement  that  the  processor  not  be 
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t+p, 

L 

Figure  3.1 

over-utilized,  we  will  later  demonstrate  that  conditions  (1)  and  (2)  are  in  fact  not  related. 

i 

The  intuition  behind  conditions  (1)  and  (2)  will  be  developed  further  in  the  proof  of 
Theorem  3.2. 

Proof:  By  Lemma  3.1,  to  show  that  conditions  (1)  and  (2)  are  necessary  for  feasibility,  it 
suffices  to  demonstrate  that  there  exist  release  times  for  which  these  conditions  are 
necessary  for  r  to  be  feasible.  We  first  show  that  condition  (1)  is  necessary. 

For  a  set  of  tasks  r,  the  achievable  processor  demand  in  the  time  interval  [a,  b],  written 
da.i,  is  defined  as  the  maximum  amount  of  processing  time  required  by  r  in  the  interval 
[a,  b]  to  complete  all  invocations  of  tasks  with  deadlines  in  the  interval  [a,  b].  That  is.  dl.b 
is  the  processing  time  required,  in  the  worst  case,  by  t  in  the  interval  [a,  b]  to  ensure  that 
no  task  fails  in  the  interval  [a,  b].  The  worst  case  occurs  when  tasks  are  periodic  from 
point  a  onward.  If  a  set  of  tasks  r  is  feasible,  then  for  all  a  and  b,a  <  b,  it  follows  that 

d*a.b  ^b-a. 

For  all  i,  1  <  i  <  n,  let  =  0  and  let  t  =  PiP2---Pn-  In  the  interval  [0,  f],  —  Ci  is  the 

Pi 

maximum  amount  of  processor  time  that  must  be  allocated  to  task  T,  to  ensure  that  T,  does 
not  fail  in  the  interval  [0,  r].  In  the  interval  [0,  r]  the  achievable  processor  demand,  do.i.  is 
therefore 


Time  -f- 


t 


1=1 


—  c 

Pi  ■ 


If  ris  feasible  then  it  must  be  the  case  that  cto^i  <  r,  hence 


n 


1=1 
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n 


1=1 


For  condition  (2)  choose  a  task  F,,  I  <  i  <  n,  such  that  and  pi  >  Pr^-  Let  5;  =  0  and 
Sj  =  1  for  all  y,  1  <J<n,j^  i.  This  gives  rise  to  the  pattern  of  initial  task  invocations 
shown  in  Figure  3.2.  Initially  only  task  T,  is  eligible  for  execution.  Since  inserted  idle 
time  is  not  allowed,  task  7,-  must  execute  in  the  interval  [0,1].  For  all  L,  L  >  Pr^,  the 

interval  [0,  L]  contains  at  least  one  invocation  of  some  task  Tk  with  =  r,-.  Since  task  Tk 
shares  a  resource  with  task  7,-  and  since  this  resource  is  in  use  by  task  7,  at  time  1,  the 
initial  invocation  of  task  Tk  may  not  be  scheduled  until  after  the  invocation  of  7,  made  at 
time  0  has  completed  execution.  Therefore,  to  ensure  that  the  initial  invocation  of  task  Tk 
does  not  fail,  the  initial  invocation  of  task  7,  must  be  completed  before  time  Pk  +  I  =  Pr,^ 
1.  Hence  for  this  choice  of  release  times,  for  all  L,  Pr^<L  <  pi,  in  the  interval  [0.  L]  the 
achievable  processor  demand,  do£,  is 

=  C,  -  £  I  . 

The  demand  consists  of  the  maximum  cost  of  executing  the  initial  invocation  of  task  7,  plus 
the  achievable  processor  demand  due  to  tasks  1  -  i-1  in  the  interval  [1,7].  (Note  that  tasks 
with  periods  greater  than  or  equal  to  p,  have  no  invoct.tion  intervals  contained  in  tne  interval 
[1,7]  and  hence  can  not  fail  in  the  interval  [1,7].  Therefore  these  tasks  do  not  contribute 
to  the  achievable  processor  demand  in  the  interval  [1,  7].)  For  t  to  be  feasible  it  must  be 


T: 

T, 

r.-i 

T. 

7., 

7, 

Time 


feZZZZZZZZL 

I _ 


I - 1  I - 1  - -  H - 

0  1  7  prl  P, 

Figure  3.2 
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the  case  that  L  >  doj^,  hence 


L  >C,.XL 

;=i 


L  -  1 

Pj 


\c. 


Although  seemingly  arbitrary,  the  constructions  used  in  the  proof  of  Theorem  3.2  precisely 
characterize  the  worst  case  interleavings  of  task  invocations  for  a  set  of  sporadic  tasks.  In 
essence,  it  will  be  shown  in  Section  3.2  that  if  a  set  of  tasks  can  be  scheduled  when 
interleaved  as  shown  above,  then  the  tasks  are  indeed  feasible.  The  notion  of  a  worst  case 
interleaving  is  important  as  Lemma  3.1  indicates  that  such  an  interleaving  can  always  occur 
during  the  execution  of  any  task  set. 

Note  that  a  set  of  single  phase  sporadic  tasks  rin  which  r,  =  0,  for  1  <i<n,  corresponds 
to  a  set  of  tasks  with  no  resources  and  hence  no  mutual  exclusion  constraints.  In  such  a 
system  a  task  would,  in  principle,  be  preemptable  at  any  time  during  its  execution  by  any 
other  task.  If  r,  =  0,  for  1  <  i  <  n,  then  condition  (2)  is  void  (the  quantification  of  i  is 
empty)  and  only  condition  (1)  is  necessary  for  feasibility.  This  agrees  with  the  results 
reported  in  [Jeffay  89a,  Liu  &  Layland  73]  for  the  preemptive  scheduling  of  periodic  and 
sporadic  tasks.  Similarly,  if  tasks  require  resources  but  the  resources  are  not  shared  ii.e., 
there  is  only  a  single  task  that  requests  each  resource)  then  condition  (2)  is  again  void  (the 
quantification  of  L  in  condition  (2)  is  empty  for  all  tasks  i).  At  the  other  extreme,  a  set  of 
single  phase  sporadic  tasks  in  which  for  all  i,  I  <  i  <  n,  ri  =  k,  for  some  k^O,  corresponds 
to  a  set  of  tasks  that  all  share  a  single  resource.  Such  single  phase  tasks  must  be  scheduled 
non-preemptively.  In  this  case  condition  (2)  applies  to  all  tasks  and  the  feasibility 
conditions  agree  with  those  reported  in  [Jeffay  et  al.  90]  for  the  non-preemptive  scheduling 
of  sporadic  tasks. 


3.2  Scheduling  Single  Phase  Task  Systems 

Our  goal  is  to  develop  an  algorithm  that  will  sequence  a  set  of  single  phase  sporadic  tasks 
on  a  single  processor  whenever  it  is  possible  to  do  so.  Such  an  algorithm  must  ensure  that 
(1)  all  task  invocations  complete  execution  before  the  end  of  their  respective  invocation 
intervals  and  that  (2)  the  mutual  exclusion  constraints  on  the  execution  of  resource 
requesting  tasks  are  respected.  It  is  the  latter  requirement  that  motivates  the  development  of 
a  new  scheduling  policy.  Our  approach  is  to  incorporate  a  synchronization  protocol  for 
mumal  exclusion  into  an  existing  real-time  scheduling  policy. 
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The  basis  of  the  new  scheduling  policy  is  the  preemptive  earliest  deadline  first  (EDF) 
algorithm  [Liu  &  Layland  73].  The  EDF  scheduling  algorithm  works  as  follows.  When  a 
task  is  invoked,  if  the  resource  the  task  requires  is  in  use  by  another  task,  then  the 
requesting  task  is  said  to  be  blocked',  otherwise  the  task  is  said  to  be  read's/.  When  an 
invocation  of  a  task  is  executing  on  a  processor,  the  task  is  executing.  If  a  task  is 
preempted  while  executing  then  it  returns  to  the  ready  state.  After  completion  of  an 
invocation,  and  prior  to  the  first  invocation,  a  task  is  terminated.  If  task  T,  is  invoked  at 
time  t,  then  a  scheduler  must  ensure  that  T,  completes  execution  at  or  before  its  deadline  at 
time  r  +  p,-.  The  EDF  scheduling  discipline  dictates  that  at  all  points  in  time,  the  ready  task 
with  the  nearest  deadline  should  be  executing.  An  EDF  scheduler  makes  scheduling 
decisions  (dispatches  tasks)  whenever  a  task  is  invoked  or  completes  an  invocation.  At 
each  of  these  scheduling  points,  an  EDF  scheduler  dispatches  the  ready  task  with  the 
nearest  deadline;  preempting  the  previously  executing  task  if  necessary.  Ties  between  tasks 
with  identical  deadlines  are  broken  arbitrarily.  Both  the  task  selection  process  and  the 
process  of  dispatching  a  task  are  assumed  to  take  no  time  in  our  discrete  time  system.  Our 
consideration  of  an  EDF  policy  is  motivated  by  the  fact  that  it  has  been  shown  to  be  an 
optimal  policy  both  when  tasks  have  no  preemption  or  execution  constraints  [Liu  & 
Layland  73]  and  when  preemption  is  completely  disallowed  [Jeffay  et  al.  90].  The  problem 
currently  under  consideration  lies  between  these  two  extremes. 

The  EDF  scheduling  discipline  can  be  extended  to  ensure  exclusive  access  to  shared 
resources  by  re-examining  the  concept  of  an  execution  deadline.  If  tasks  share  resources 
then  when  a  resource  requesting  task  T,  is  invoked,  it  is  no  longer  sufficient  for  the 
invocation  to  complete  execution  within  pi  time  units.  It  can  be  the  case  that  a  resource 
requesting  task  must  complete  execution  before  the  end  of  its  current  invocation  interval. 
This  situation  can  occur  when  an  invocation  of  a  task  with  a  deadline  becomes  blocked. 
For  example,  consider  the  problem  of  scheduling  the  following  task  set  according  to  a 
naive  application  of  the  traditional  preemptive  EDF  discipline:  (recall  T  =  {release  time, 
(minimum  cost,  maximum  cost,  resource),  period)) 

r=  {  7;  =(1,(1,  1,  1).4) 

72  =  (2,  (1,2,  0),10) 

72  =  (0,(1,  3,  1),20)  ). 


T  consists  of  three  single  phase  tasks  and  1  shared  resource  (/?;).  The  initial  interleaving  of 
invocations  is  illustrated  in  Figure  3,3. 
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Figure  3.3 

The  initial  invocation  of  task  Tj  occurs  at  time  0.  Since  inserted  idle  time  is  not  allowed, 
task  Ts  will  be  scheduled  at  time  0  as  shown  in  Figure  3.4.  (In  Figure  3.4  striped 
rectangles  denote  execution  with  resource  /?/.  Unfilled  rectangles  represent  execution  with 
resource  Rq  {i.e.,  execution  with  no  resource).  An  execution  rectangle  open  on  the  right 
side  indicates  that  the  execution  was  preempted.  An  execution  rectangle  open  on  the  left 
side  indicates  that  a  previously  preempted  execution  is  resumed.)  At  time  1  task  T i  has  the 
nearest  deadline.  However,  since  7/  requires  the  resource  that,  in  the  worst  case,  is  in  use 
by  task  Tj  at  time  1,  task  T j  is  blocked  by  task  Tj.  Therefore,  task  7j  continues  execution 
at  time  1,  At  time  2,  task  T2  has  a  nearer  deadline  than  the  executing  task  7j.  Since 
r2  ^  rj,  one  might  be  tempted  to  allow  task  T2  to  preempt  task  T3.  However,  as  illustrated 
in  Figure  3,4,  such  a  decision  can  cause  task  7/  to  fail  at  time  5,  At  time  1,  it  is  no  longer 
sufficient  for  the  invocation  of  task  7j  occurring  at  time  0  to  be  completed  by  its  nominal 
deadline  at  time  20,  Since  tasks  7/  and  7j  share  a  resource,  when  task  7 /  is  invoked  at 
time  1,  the  invocation  of  task  7j  occurring  at  time  0  must  now  be  completed  no  later  than 
time  5;  the  initial  deadline  of  task  7;,  (Of  course  the  initial  invocation  of  task  7_?  must 
actually  be  completed  by  time  5  -  C;  =  4.  It  will  turn  out,  however,  that  this  is  not  a  useful 
observation,) 

The  challenge  is  to  quantify  precisely  when  a  task  invocation  must  be  completed.  We  claim 
that  an  invocation  of  a  resource  requesting  task  should  have  two  notions  of  a  deadline:  one 
for  the  initial  acquisition  of  the  processor,  and  one  for  subsequent  execution.  Specifically, 

tezi 
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Figure  3.4 
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when  a  resource  requesting  task  7,  is  invoked  at  time  tr,  the  invocation  should  have  an 
initial  deadline  equal  to  tr  +  pi  as  in  traditional  EDF  scheduling.  This  deadline  will  be 
referred  to  as  the  initial  or  contending  deadline.  Let  t^  be  the  time  that  the  invocation  of  task 
r,  occurring  at  time  tr  is  first  scheduled  (commences  execution).  After  time  t^,  the 
invocation  of  task  7,-  should  have  a  deadline  at  time  MIN(r^  +  pi,  {t^  +  1)  +  Pr)-  Thus, 

when  a  scheduler  fet  dispatches  an  invocation  of  task  7,-,  the  scheduler  will  potentially 
assign  Ti  a  nearer  deadline.  This  deadline  will  be  referred  to  as  the  execution  deadline. 
Since  we  assume  a  discrete  time  domain,  a  resource  requesting  task  7,  has  a  contending 
deadline  at  all  points  in  time  in  the  closed  interval  [tr,  ^5]  and,  assuming  C,  >  ^ ,  has  an 
execution  deadline  at  all  points  in  the  closed  interval  [t^+l,  tc-l].  where  tc  is  the  time  that 
the  execution  of  the  invocation  terminates.  (In  the  interval  between  the  completion  of  one 
invocation  and  the  start  of  the  next,  a  task  logically  has  a  deadline  of  infinity.)  This  is 
illustrated  in  Figure  3.5  which  plots  the  deadline  of  an  invocation  of  a  task  7,  that  has  an 
execution  deadline  of  (r^  +  1)  +  Pr-  as  a  function  of  time.  If  a  resource  consuming  task  has 

a  maximum  computational  cost  of  1,  then  it  will  never  have  an  execution  deadline.  Non¬ 
resource  requesting  tasks  require  no  special  treatment.  If  a  non-resource  requesting  task  Tj 
is  invoked  at  time  tr,  the  invocation  will  have  a  deadline  at  time  tr  +  pj  for  the  duration  of  its 
execution.  We  will  refer  to  our  scheme  of  dynamically  altering  the  deadlines  of  resource 
requesting  tasks  as  the  dynamic  deadline  modification  (DDM)  strategy. 

The  application  of  the  dynamic  deadline  modification  strategy  to  the  tasks  in  the  previous 
example  results  in  the  non-preemptive  schedule  illustrated  in  Figure  3.6.  Under  this  policy 
the  initial  invocation  of  task  7j  has  a  contending  deadline  at  time  20  as  before.  However, 
once  task  7j  is  scheduled  it  will  execute  with  a  deadline  equal  to  MIN(0  +  pi,  (0  -t- 1)  Pr) 
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Figure  3.6 

=  MIN(20,  1  +  4)  =  5.  That  is,  at  times  1  and  2,  task  Tj  has  a  deadline  at  time  5.  When 
task  Tz  is  invoked  at  time  2,  its  invocation  will  have  an  inirial  deadline  at  time  2  +  p:  =  12. 
At  time  2,  task  Tj  now  has  a  nearer  deadline  than  task  Tz  and  hence  an  EDF  scheduler  will 
not  allow  Tz  to  preempt  Tj  at  time  2. 

The  imposition  of  separate  deadlines  for  execution  and  initial  acquisition  of  the  processor 
ensures  that  blocked  tasks  become  unblocked  (ready)  as  soon  as  possible.  Although  an 
invocation  of  a  resource  requesting  task  may  now  execute  with  a  deadline  that  occurs 
before  the  end  of  the  invocation  interval,  this  “deadline”  is  indeed  a  deadline.  We  will 
eventually  show  that  the  task  system  can  fail  if  an  invocation  of  a  resource  requesting  task 
does  not  complete  execution  by  its  execution  deadline.  That  is,  there  can  exist  an 
invocation  of  a  task  that  is  not  completed  at  or  before  the  end  of  its  invocation  interval. 
Note  that  the  deadline  modification  rule  in  the  proposed  algorithm  is  pessimistic  in  the 
sense  that  it  requires  all  invocations  of  resource  requesting  tasks  to  execute  with  a  modified 
deadline  as  soon  as  any  blocking  can  possibly  occur  (i.e.,  immediately  after  they  are 
scheduled).  In  panicular,  resource  requesting  tasks  execute  with  a  modified  deadline 
independently  of  whether  or  not  any  blocking  can  actually  occur.  A  more  optimistic 
approach,  for  example,  would  be  to  modify  the  deadline  of  a  resource  requesting  task  only 
when  the  execution  of  the  task  actually  blocks  some  other  task.  In  Section  5  we  show  that 
such  an  optimistic  scheduling  strategy  is  inferior  to  the  pessimistic  strategy  we  are 
proposing. 

A  final  point  to  address  concerns  the  mutual  exclusion  constraints  on  access  to  resources. 
As  we  will  soon  demonstrate,  «the  combination  of  EDF  scheduling  with  the  dynamic 
deadline  modification  strategy  is  sufficient  for  ensuring  tasks  access  resources  in  a  mutualK 
exclusive  manner.  There  is,  however,  one  subtlety  in  the  case  that  there  exist  multiple 
outstanding  invocations  with  the  earliest  deadline.  To  guarantee  that  the  mutual  exclusion 
constraints  are  respected,  when  there  exist  multiple  tasks  with  outstanding  invocations  \\  ith 
the  earliest  deadline,  a  scheduler  must; 
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•  allow  the  currently  executing  task  to  continue  execution  if  it  has  the  earliest 
deadline, 

•  select  a  task  with  an  outstanding  invocation  that  has  been  preempted  before 
selecting  any  task  whose  outstanding  invocation  has  not  commenced 
execution.'* 

We  will  refer  to  the  combination  of  an  EDF  task  selection  policy  with  our  dynamic  deadline 
modification  strategy  and  tie  breaking  rules  as  earliest  deadline  first  scheduling  with 
dynamic  deadline  modification  (EDFA)DM).  We  validate  the  design  of  the  EDF/DDM 
scheduling  policy  by  demonstrating  that  it  is  an  optimal  discipline  (with  respect  to  the  class 
of  disciplines  that  do  not  use  inserted  idle  time)  for  scheduling  a  set  of  single  phase  tasks 
that  share  a  set  of  resources.  To  prove  optimality  it  suffices  to  show  that  the  satisfaction  of 
conditions  (1)  and  (2)  from  Theorem  3.2  is  sufficient  for  ensuring  that  the  EDF/DDM 
discipline  will  succeed  in  scheduling  a  set  of  tasks  with  shared  resources.  To  demonstrate 
that  the  discipline  succeeds  in  scheduling  a  set  of  tasks  it  must  be  shown  that  (1)  all 
invocations  of  all  tasks  complete  execution  before  the  end  of  their  respective  invocation 
intervals  and  that  (2)  the  mutual  exclusion  constraints  on  the  execution  of  resource 
requesting  tasks  are  respected.  The  following  lemma  demonstrates  that  the  EDF/DDM 
scheduling  discipline  enforces  the  mutual  exclusion  constraints  on  the  execution  of  resource 
requesting  tasks. 

Lemma  3.3:  The  EDF/DDM  scheduling  discipline  ensures  that  resources  are  accessed  in 
a  mutually  exclusive  manner. 

Proof:  It  suffices  to  show  that  a  task  that  requires  resource  Rj  can  neither  preempt  another 
task  that  requires  resource  Rj  nor  execute  while  such  a  task  is  preempted  when  scheduled 
by  the  EDF/DDM  scheduling  discipline. 

Let  task  7,  be  a  resource  Rj  requesting  task.  Let  r,  be  a  point  in  time  at  which  an  invocation 
of  task  Ti  commences  execution.  Let  t  >  f,  be  a  point  in  time  at  which  this  invocation  is 
either  executing  or  is  preempted.  Let  7*  be  a  resource  Rj  requesting  task  with  an 
invocation  that  is  contending  for  the  processor  at  time  t.  Let  tr  be  the  time  at  which  this 
invocation  by  task  Tk  was  made.  Note  that  under  the  EDF/DDM  scheduling  discipline,  in 
order  for  task  Tk  to  preempt  task  7;  or  to  execute  while  7,  is  preempted,  it  must  be  the  case 
that  ts<tr<t  (and  that  tr  +  pk<  t^  +  pi)  as  shown  in  Figure  3.7. 


Note  that  the  first  lie  breaking  rule  ensures  that  at  any  point  in  time  there  can  exist  only  one  preempted 
task  with  the  earliest  deadline. 
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Time  - 1— I - 1 - 1 - ► 

ts  tr  t  tr+Pk 

Figure  3.7 

The  invocation  of  task  Tk  occurring  at  time  will  have  an  initial  deadline  at  time 
dk  =  tr  +  Pk-  Since  task  7,  is  scheduled  at  time  its  invocation  must  have  a  deadline  no 
later  than  at  time  di  =  +  Pj  +  1  <  tj  +  p*  +  1.  Since  ts  <  t,  it  follows  that  di  <  dk.  If 

di  <  dk,  then  the  invocation  of  task  Tk  occurring  at  time  ^  will  not  be  scheduled  until  after 
the  invocation  of  task  T,  occurring  at  time  ts  has  completed  execution.  If  d,  =  dk,  then  since 
the  EDF/DDM  scheduling  discipline  gives  priority  to  the  currently  executing  task  and  then 
to  preempted  tasks,  task  Tk  will  again  not  be  scheduled  until  after  the  outstanding 
invocation  of  task  7,  has  completed  execution.  Therefore,  a  task  that  requires  resource  R, 
can  neither  preempt  another  resource  Rj  requesting  task  nor  execute  while  such  a  task  is 
preempted.  ~ 

Theorem  3.4;  Let  t  be  a  set  of  single  phase  sporadic  tasks  {7y,  T2, ...,  7^),  sorted  in 
non-decreasing  order  by  period,  that  share  a  set  of  m  serially  reusable,  single  unit 
resources  R  j,  R2, ...,  Rm-  The  EDF/DDM  discipline  will  succeed  in  scheduling  r  if 
conditions  (1)  and  (2)  from  Theorem  3.2  hold. 

Proof:  Lemma  3.3  has  shown  that  independently  of  the  conditions  necessary  for 
feasibility,  the  EDF/DDM  scheduling  discipline  maintains  the  mutual  exclusion  constraints 
on  the  execution  of  resource  requesting  tasks.  It  remains  to  show  that  the  use  of  the 
EDF/DDM  scheduling  discipline  guarantees  that  tasks  will  not  fail  if  conditions  (1)  and  (2) 
of  Theorem  3.2  hold.  This  will  be  shown  by  contradiction. 

Assume  the  contrary,  i.e.,  that  conditions  (1)  and  (2)  of  Theorem  3.2  hold  and  yet  a  task 
fails  at  some  point  in  time  when  t  is  scheduled  by  die  EDF/DDM  algorithm. 

For  a  set  of  tasks  r,  the  actual  processor  demand,  or  simply  the  processor  demand,  in  the 
interval  [a,  b\,  written  da,b,  is  defined  as  the  least  upper  bound  on  the  amount  of  processing 
time  actually  required  by  i  in  the  time  interval  [a,  b]  to  ensure  that  no  task  fails  in  the 
interval  [a.  b].  If  a  set  of  tasks  r  is  feasible,  then  for  all  a  and  b.  a  <  b.  it  follows  that 
da.b  ^  da.b  ^b-  a.  The  proof  proceeds  by  deriving  upper  bounds  on  the  actual  processor 
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demand  {i.e.,  the  achievable  prcKessor  demand)  for  an  interval  ending  at  the  time  at  which  a 
task  fails. 

Let  td  be  the  earliest  point  in  time  at  which  a  task  fails,  t  can  be  partitioned  into  three 
disjoint  subsets  Ai,  Aj,  and  Aj,  where 

Ai  =  the  set  of  tasks  that  have  an  invocation  with  an  initial  deadline  at  time  td, 

A2  =  the  set  of  tasks  that  have  an  invocation  occurring  prior  to  time  td  with 
initial  deadline  after  td,  and 

Aj  =  the  set  of  tasks  not  in  <4/  or  /12- 


Tasks  in  Aj  either  have  a  release  time  greater  than  td,  or  are  not  invoked  immediately  prior 
to  time  td.  As  will  soon  become  apparent,  to  bound  the  actual  processor  demand  prior  to  td, 
it  suffices  to  concentrate  on  the  tasks  in  A2.  Let  bj,  b2,  — ,  bk  be  the  invocation  times 
immediately  prior  to  t^  of  the  tasks  in  A2.  There  are  two  main  cases  to  consider. 

Case  1:  None  of  the  invocations  of  tasks  in  A2  occurring  at  times  ^2.  are 
scheduled  prior  to  time  td- 

Let  to  be  the  end  of  the  last  period  in  which  the  processor  was  idle.  If  the  processor  has 
never  been  idle  let  to  =  0.  In  the  interval  [to,  td],  the  actual  processor  demand  is  the  total 
processing  requirement  of  tasks  that  are  invoked  at  or  after  time  to,  with  deadlines  at  or 
before  time  td-  This  gives 


Since  there  is  no  idle  period  in  the  interval  [to,  td]  and  since  a  task  fails  at  td,  it  must  be  the 
case  that  >  td-  to-  Therefore 


td  -  to  < 


and  hence 


However,  liiii  is  a  contradiction  of  condition  (1).  Therefore,  if  conditions  (1)  and  (2)  hold 
and  the  EDF/DDM  scheduling  discipline  fails  to  schedule  r,  then  an  invocation  of  at  least 
one  task  in  A2  must  have*  been  scheduled  prior  to  tj. 

Case  2:  Some  of  the  invocations  of  tasks  in  A2  occurring  at  times  b;,  b: . bi_  are 

scheduled  prior  to  time  r^. 

Let  7,  be  the  last  task  in  A2  to  execute  prior  to  Let  r,  be  the  point  in  time  at  which  the 
invocation  of  7,  containing  the  point  td  commences  execution  (is  scheduled  for  the  first 
time).  Note  that  because  of  deadline- based  scheduling,  if  a  task  Tk  fails  at  time  then  it 
must  be  the  case  that  r,  <  td- Pk-  That  is,  the  invocation  that  fails  at  time  td  is  contained 
within  the  interval  [r„  td]  as  shown  in  Figure  3.8. 

We  will  show  that  if  the  invocation  interval  of  task  Ti  containing  the  point  td  is  scheduled 
prior  to  time  td,  then  there  must  have  existed  enough  processor  time  in  the  interval  [fi,  td]  to 
schedule  all  invocations  of  tasks  occurring  after  time  t,  with  deadlines  at  or  before  time 

There  are  two  sub-cases  to  consider  depending  on  whether  or  not  the  invocation  of  task  7, 
scheduled  at  time  r,  has  an  execution  deadline  less  than  or  equal  to  time  td-  If  this  is  the  case 
then  the  invocation  of  task  Ti  scheduled  at  time  f,  must  be  completed  at  or  before  time  td- 

Case  2a:  The  invocation  of  task  7,  scheduled  at  time  ti  has  an  execution  deadline  less  than 
or  equal  to  time  td. 

For  this  case  to  hold,  since  7,  is  in  A2,  task  Ti  must  be  a  resource  requesting  task.  We 
proceed  by  deriving  the  achievable  processor  demand  for  the  interval  [ti,  td].  If  a  task  fails 
at  time  td  then  the  following  facts  hold  for  Case  2a: 

0  Other  than  task  7„  no  task  with  period  greater  than  or  equal  to  td  -  t,  executes  in 
the  interval  [r„  td]. 

Since  an  invocation  of  task  7,  is  scheduled  at  time  r,  and  has  an  execution 
deadline  less  than  or  equal  to  td,  every  other  task  scheduled  in  [r,.  tj]  must  have 
had  an  initial  deadline  at  or  before  td.  Therefore,  if  an  invocation  of  a  task  7,. 
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with  period  greater  than  or  equal  to  td-U,  executes  in  the  interval  [ti,  td],  then 
this  invocation  of  Tj  must  have  been  available  for  execution  at  time  r,. 
Consequently,  since  the  invocation  in  question  of  task  7,  had  an  initial  deadline 
greater  than  time  td,  the  EDF/DDM  algorithm  would  have  chosen  task  Tj  before 
7j  in  the  interval  [t;,  td].  Therefore,  no  task  with  period  greater  than  or  equal  to 
td  -  ti  executes  in  the  interval  [t;,  td]. 

ii)  Other  than  task  Ti,  no  task  which  executes  in  [r,-,  td]  could  have  been  invoked  at 
time  ti. 

Again,  other  than  Ti,  every  task  that  executes  in  [r,-,  td]  has  an  initial  deadline  at 
or  before  td.  Therefore,  if  a  task  Ti  that  executes  in  [ti,  td]  had  been  invoked  at 
ti,  the  EDF/DDM  algorithm  would  have  scheduled  task  Ti  instead  of  task  Tj  at 
time  t,.  • 

Hi)  The  processor  is  fully  udlized  during  the  interval  [t,-,  td]. 

If  the  processor  is  ever  idle  in  the  interval  [r„  td],  then  the  analysis  of  Case  1  can 
be  applied  directly  to  the  interval  [to,  td]  —  where  to>  ti  +  C,  is  the  end  of  the 
last  idle  period  prior  to  time  td  —  to  reach  a  contradiction  of  condition  ( 1 ). 


Since  p,-  >  td  -  ti,  fact  (i)  indicates  that  only  tasks  Ti  -  Ti  need  be  considered  when 
computing  Since  the  invocation  of  task  7,  that  is  scheduled  at  time  r,  has  an  initial 

deadline  after  time  td,  all  task  invocations  occurring  prior  to  time  r,-  with  deadlines  at  or 
before  td  must  have  completed  execution  by  time  r,-  and  hence  do  not  contribute  to 

Similarly,  since  Ti  has  the  last  task  invocation  with  initial  deadline  after  td  that  executes 
prior  to  td,  all  invocations  of  tasks  7 y  -  7i_i  occurring  prior  to  time  td  with  deadlines  after 
td,  need  not  be  considered.  Lastly,  since  none  of  the  invocations  of  tasks  7 /  -  7,_i  that  are 
scheduled  in  the  interval  [r„  td]  occurred  at  time  U,  the  achievable  demand  due  to  tasks  7 ;  - 
7,_i  in  the  interval  [r„  rj  is  the  same  as  in  the  interval  [t,+l,  td].  These  observations,  plus 
the  fact  the  invocation  of  task  Ti  scheduled  at  time  r,  must  be  completed  before  time  td. 
indicate  that  the  actual  processor  demand  in  [ti,  td]  is  bounded  by 


-  d\ 


y=i 


i 


Let  L  =  td  -  ti.  Substituting  L  into  the  above  inequality  yields 


d 


< 


Since  (Hi)  indicates  that  there  is  no  idle  time  in  [f„  td],  and  since  a  task  failed  at  time  td.  it 
follows  that  dt^dd  ^  ^d-  h  and  hence  >  L.  Combining  this  with  the  inequality  above 
yields 
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y=i 

Since  the  invocation  of  task  Ti  scheduled  at  time  f;  has  an  execution  deadline  less  than  or 
equal  to  time  it  must  be  the  case  that  (r,  +  1)  +  Pr^<  Hence: 

frf-a.  +  l)  >  Pr,, 
td-ti  >  Pr,, 

Pi  >  td-ti  >  Pr,, 

Pi  >  L  >  Pr^  . 

Therefore  inequality  (3.1)  above  contradicts  the  assumption  that  condition  (2)  was  true. 

Case  2b:  The  invocation  of  task  T,  scheduled  at  time  li  has  an  execution  deadline  greater 
than  rime  1^. 

This  will  be  the  case  if  task  Ti  is  either  a  non-resource  requesting  task  (r,  =  0),  or  if 
(r,  +  1)  +  Pr.>  td-  The  implication  of  this  case  is  that  the  invocation  of  task  7,  scheduled  at 

time  ti  need  not  be  completed  before  time  td.  That  is,  since  the  invocation  of  task  7, 
scheduled  at  time  ti  has  a  deadline  after  td,  it  follows  that  7,  may  be  preempted  by  any  task 
with  an  invocation  interval  contained  within  the  interval  [r„  td].  This  is  possible  because, 
since  td  -  ti  <  P^^,  task  7,  can  not  share  a  resource  with  any  task  that  can  possibly  have  an 

invocation  interval  contained  within  the  interval  [r„  td]. 

Let  to  >  ti  be  the  later  of  the  end  of  the  last  idle  period  in  [ti,  td]  or  the  rime  task  7,  last  stops 
execution  prior  to  td.  Since  the  invocation  of  task  Ti  scheduled  at  time  r,  has  a  deadline 
greater  than  td  and  since  Ti  is  preemptable  by  any  task  that  executes  in  [r,,  all 
invocations  of  tasks  occurring  prior  to  time  to  with  deadlines  less  than  or  equal  to  td  must 
have  completed  execution  by  to.  The  analysis  of  Case  1  can  be  applied  directly  to  the 
interval  [to,  td]  to  reach  a  contradiction  of  condition  (1). 

This  concludes  Case  2.  We  have  shown  that  in  all  cases,  if  the  EDF/DDM  scheduling 
discipline  fails,  then  either  condition  (1)  or  condition  (2)  from  Theorem  3.2  must  have  been 
violated.  This  proves  the  theorem.  □ 

Corollary  3.5;  With  respect  to  the  class  of  scheduling  algorithms  that  do  not  use 
inserted  idle  time,  the  EDF/DDM  discipline  is  an  optimal  discipline  for  scheduling  a  set  of 
sporadic  tasks  that  share  a  set  of  serially  reusable,  single  unit  resources. 
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Proof:  The  proof  follows  immediately  from  Theorems  3.2  and  3.4.  □ 

4.  Multiple  Phase  Task  Systems 

In  this  section  we  demonstrate  how  the  EDF/DDM  scheduling  algorithm  developed  for 
scheduling  single  phase  sporadic  tasks  can  be  extended  to  successfully  schedule  multiple 
phase  sporadic  tasks  that  share  a  set  of  resources.  The  extension  is  straightforward  and 
preserves  the  optimality  of  the  EDF/DDM  discipline. 

4.1  Feasibility  Conditions  for  Multiple  Phase  Task  Systems 

The  following  theorem  gives  the  appropriate  necessity  conditions  for  the  feasibility  of  a  set 
of  multiple  phase  tasks. 

Theorem  4.1;  Let  r  be  a  set  of  multiple  phase  sporadic  tasks 

{ Ti  =  {Si,  { (Cy,  Cij,  rij)  1  I  <_/  <  n,),  p,)  I  1  <  i  <  n } , 

sorted  in  non-decreasing  order  by  period,  that  share  a  set  of  m  serially  reusable,  single  unit 
resources  Ri,  R2,  ■■■,Rm-  If  f  can  be  scheduled  on  a  uniprocessor  without  inserted  idle 
time,  then; 


n 


2)  Vi,  \  <i<n\'^k,\  <k<  m  and  ^  0;  VL,  Pr^  <L<Pi-  Sik'. 

/=i 


where: 

/=! 


•  Pr,i^  =  MLN  (pj  I  rji  =  r^k  for  some  /,!</<  rtj),  and 

I  <j<n 

[0  if  =  1, 

^  <  k  <  n,. 
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The  feasibility  conditions  are  similar  to  those  for  single  phase  tasks.  The  parameter  £■, 
represents  the  maximum  computational  cost  of  an  invocation  of  task  T,  and  replaces  the  C, 
term  in  condition  (1).  Condition  (2)  now  applies  to  only  a  resource  requesting  phase  of 
task  r,  rather  than  to  the  task  as  a  whole.  Because  of  this,  the  range  of  L  in  condition  (2)  is 
more  restricted  than  in  the  single  phase  case.  The  range  of  L  is  more  restricted  because  of 
the  precedence  constraints  imposed  on  the  execution  of  phases  in  multiple  phase  tasks. 
Since  the  phase  of  a  task  Ti  cannot  start  until  all  previous  phases  have  terminated,  the 
earliest  time  phase  k  can  be  scheduled  is  Sik  time  units  after  the  start  of  an  invocation  of  7,. 
Therefore,  for  the  k‘^  phase  of  a  task,  the  range  of  internals  of  length  L  in  which  one  must 
compute  the  achievable  processor  demand  will  be  shorter  than  in  the  single  phase  case  by 
the  sum  of  the  minimum  costs  of  phases  1  through  ^-1.  Also  note  that  no  demand  due  to 
phases  of  7,  other  than  k  appear  in  (2).  In  the  event  that  each  task  in  r  consists  of  only  a 
single  phase,  conditions  (1)  and  (2)  reduce  to  the  conditions  of  Theorem  3.2. 

Proof:  To  demonstrate  the  necessity  of  conditions  (1)  and  (2)  for  arbitrary  release  times, 
by  Lemma  3.1,  it  suffices  to  demonstrate  the  existence  of  release  times  for  which 
conditions  (1)  and  (2)  are  necessary  for  feasibility. 

The  construction  for  the  necessity  of  condition  (1)  is  identical  to  the  one  used  in  the  proof 
of  Theorem  3.2  and  will  not  be  repeated  here.  For  condition  (2)  choose  a  task  7„ 
1  <  i  <  «,  and  choose  a  phase  k  of  7„  1  <  k  <  n,-,  such  that  rik  ^  0,  and  <  Pi-  Let  .v,  =  0 

and  Sj  =  Sik  *'■  1  for  ail  y>  1  i.  This  gives  rise  to  the  pattern  of  initial  task 

invocations  shown  in  Figure  4.1. 

For  all  L,  L  >  Pr^,  the  interval  [S,/fe,  S,jk+L]  contains  at  least  one  entire  invocation  of  a  task 
that  will  require  resource  r,A.  Therefore,  if  r  is  to  be  feasible  then,  in  the  worst  case,  the 
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0 
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SikSik-^^  Sik+L  p. 

Figure  4. 1 
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computation  of  task  started  at  time  0  must  have  its  phase  completed  in  the  interval 
-Sii+L],  Hence  for  all  L,  <  L  <  pi  -  Sik,  in  the  interval  [Suc,  S^k-^L],  the 


achievable  processor  demand,  is 

ds,„s,,.L  =  C,k  + 


For  all  L,L>  Pr^,  the  interval  [5,*,  S,;fc+L]  contains  at  least  one  entire  invocation  of  a  task 
that  will  require  resource  rik.  Therefore,  if  r  is  to  be  feasible  then,  in  the  worst  case,  the 
computation  of  task  7,  started  at  time  0  must  ha^^e  its  phase  completed  in  the  interval 
[Sih  5,i+L].  Hence  for  all  L,  <  L  <  Pi  -  Sik,  in  the  interval  [5,;;,  S,j:+L],  the 
achievable  processor  demand,  is 

d-s,.s.,,L  =  c„  +  I  . 

Note  that  it  is  not  necessary  for  phases  of  task  Ti  beyond  phase  k  to  execute  in  [0,  L]  in 
order  to  ensure  that  a  task  does  not  fail  in  the  interval  [0,  L].  For  r  to  be  feasible  it  must  be 
case  that  L  >  hence 

^  ^  *  S  ■  - 

;=i 


4.2  Scheduling  Multiple  Phase  Task  Systems 

The  EDF/DDM  scheduling  discipline  was  originally  formulated  for  single  phase  sporadic 
tasks.  To  see  how  it  can  be  extended  to  handle  tasks  with  multiple  phases,  it  will  be 
instructive  to  view  a  multiple  phase  sporadic  task 

Ti  =  (Si,  {(dj,  Cij,  rij)  I  1  <;■  <  n,},  p;), 

as  set  of  rii  single  phase  sporadic  tasks 

{ T,i  =  (5„  ic,j,  Cij,  rij).  Pi)  I  1  <;'  <  n.) . 

For  a  given  value  of  i,  all  tasks  in  [Tij  I  1  <_/'<«,)  conceptually  are  invoked  simultaneously 
and  are  scheduled  such  that  the  k‘^  invocation  of  task  7^,  1  ^  d,  is  not  scheduled  until 

the  k‘^  invocation  of  task  7y_i  has  completed  execution.  (Note  that  for  a  given  value  of  i. 
since  all  tasks  in  {7,_,  I  1  <y  <  n,)  are  invoked  simultaneously,  outstanding  invocations  of 
tasks  7,y  will  always  have  the  same  deadline.  Therefore,  the  EDF/DDM  scheduling 
discipline  can  be  made  to  enforce  the  precedence  constraints  on  the  execution  of  these 
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single  phase  tasks  by  funher  biasing  its  algorithm  for  selecting  a  task  for  execution  when 
there  exist  more  than  one  ready  task  with  the  earliest  deadline.)  It  should  be  clear  that  the 
execution  of  the  set  of  single  phase  tasks  [Tij]  defined  above  will  be  equivalent  to  the 
execution  of  a  multiple  phase  task  Ti.  This  motivates  the  treatment  of  each  phase  ot  a 
multiple  phase  task  as  a  logical  single  phase  task.  Specifically,  each  resource  requesting 
phase  of  a  multiple  phase  task  should  have  both  a  contending  and  an  execution  deadline. 

Let  tr  be  a  point  in  time  at  which  a  task  Ti  is  invoked.  Let  be  the  time  that  the  phase 
of  the  invocation  of  task  7/  made  at  time  tr  is  first  scheduled  (commences  execution)  and  let 
tck  be  the  time  that  this  phase  terminates.  In  the  interval  [tr,  tsi],  task  7,  will  have  a 
contending  deadline  equal  to  tr  +  pi  as  in  traditional  EDF  scheduling.  For  all  1  <  ^  < 
if  rik  ^  0  and  Cik  >  L  then  in  the  interval  [r5yt+l,  tcfc-1].  t^sk  7,  will  have  an  execution 
deadline  equal  to  MIN(r^  +  p,-,  (tsk  +  1)  +  Pi-J-  Between  phases  task  7;  will  be  considered 

to  be  conceptually  contending  for  the  processor.  At  the  time  of  the  completion  ot  each 
phase,  tck,  1  ^  k  <  the  deadline  of  task  Tk  will  revert  to  the  initial  deadline  for  this 
invocation.  Hence  for  all  1  <  /:  <  n,-,  in  the  interval  [tck,  L(t:+i)].  t^sk  7,  will  have  a 
deadline  at  time  tr  +  pi-  Figure  4.2  illustrates  how  a  multiple  phase  task’s  deadline  can 
change  dynamically  throughout  an  invocation  interval.  It  shows  an  execution  of  a  multiple 
phase  task  7,  =  (5,-,  {(3,3,r,i),  (3,3,r,-2),  (10, 10, r, 3)),  p,)  where  each  phase  has  an 
execution  deadline  that  differs  from  its  contending  deadline. 

We  will  refer  to  the  extended  version  of  the  EDF/DDM  scheduling  discipline  as  the 
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generalized  EDFIDDM  discipline.  We  again  validate  the  design  of  this  discipline  by 
demonstrating  that  it  is  an  optimal  policy  for  scheduling  a  set  of  multiple  phase  tasks  that 
share  a  set  of  resources.  To  prove  optimality  it  suffices  to  show  that  the  satisfaction  of 
conditions  (1)  and  (2)  from  Theorem  4.1  is  sufficient  for  ensuring  that  the  generalized 
EDF,'DDM  discipline  will  succeed  in  scheduling  a  set  of  multiple  phase  tasks  with  shared 
resources.  To  demonstrate  that  the  discipline  succeeds  in  scheduling  a  set  of  tasks  it  must 
be  shown  that  (1)  all  invocations  of  all  tasks  complete  execution  before  the  end  of  their 
respective  invocation  intervals  and  that  (2)  the  mutual  exclusion  constraints  on  the 
execution  of  resource  requesting  phases  of  tasks  are  respected.  The  following  lemma 
demonstrates  that  the  EDF/DDM  scheduling  discipline  enforces  the  mutual  exclusion 
constraints  on  the  execution  of  resource  requesting  phases. 

Lemma  4.2:  The  generalized  EDF/DDM  scheduling  discipline  ensures  that  resources  are 
accessed  in  a  mutually  exclusive  manner. 

Proof:  The  proof  is  largely  identical  to  the  proof  of  Lemma  3.3  and  will  not  be  repeated 
here.  n 

Theorem  4.3:  Let  r  be  a  set  of  multiple  phase  sporadic  tasks  [T T2, T^},  sorted  in 
non-decreasing  order  by  period,  that  share  a  set  of  m  serially  reusable,  single  unit 
resources  Rj,  R2,  The  generalized  EDF/DDM  discipline  will  succeed  in 

scheduling  rif  conditions  (1)  and  (2)  of  Theorem  4.1  hold. 

Proof:  It  suffices  to  show  that  the  use  of  the  generalized  EDF/DDM  scheduling  discipline 
guarantees  that  tasks  will  not  fail  if  conditions  (1)  and  (2)  of  Theorem  4.1  hold.  The  proof 
is  quite  similar  to  the  proof  of  Theorem  3.4  and  will  be  presented  in  an  abbreviated  manner. 

Assume  the  contrary,  i.e.,  that  conditions  (1)  and  (2)  hold  and  yet  a  task  fails  at  some  point 
in  time  when  ris  scheduled  by  the  generalized  EDF/DDM  algorithm.  Let  td  be  the  earliest 
point  in  time  at  which  a  task  fails,  r  can  be  partitioned  into  three  disjoint  subsets  A/,  A2, 
A]  as  in  the  proof  of  Theorem  3.4.  To  bound  the  actual  processor  demand  prior  to  td,  it 
suffices  to  concentrate  on  the  tasks  in  A2.  Let  bi,  b2,  ...,  b^  be  the  invocation  times 
immediately  prior  to  of  the  tasks  in  A?.  There  are  two  main  cases  to  consider. 

Case  1 :  None  of  the  invocations  of  tasks  in  A2  occurring  at  times  bi,  b2 . b^  are 

scheduled  prior  to  time  td- 
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This  is  identical  to  Case  1  in  the  proof  of  Theorem  3.2.  If  none  of  the  invocations  of  tasks 
in  A2  occurring  at  times  bj,  b2,  ...,  bk  are  scheduled  prior  to  then  condition  (1 )  could 
not  have  been  true. 


Case  2:  Some  of  the  invocations  of  tasks  in  A2  occurring  at  times  bi,  b2,  bk  are 
scheduled  prior  to  time 

Let  Ti  be  the  last  task  in  A2  to  execute  prior  to  td-  Let  h  be  the  last  phase  of  task  7,  to 
execute  prior  to  time  td-  Let  r,-  be  the  point  in  time  at  which  phase  h  of  task  7,  commences 
execution  (is  scheduled  for  the  first  time).  There  are  two  sub-cases  to  consider  depending 
on  whether  or  not  the  phase  of  task  7,  scheduled  at  time  r,  has  an  execution  deadline  less 
than  or  equal  to  time  td- 

Case  2a:  The  phase  of  task  7,  scheduled  at  time  f,  has  an  execution  deadline  less  than  or 
equal  to  time  td. 

If  a  task  fails  at  time  td  then  facts  (i)  -  (Hi)  from  the  proof  of  Theorem  3.4  hold  for  the 
present  case.  The  actual  processor  demand  in  [r,-,  td]  is  bounded  by 

;=i 

(Note  that  since  phase  h  of  task  Ti  is  the  last  phase  of  7j  to  execute  prior  to  td,  7; 
contributes  only  C,/,  to  dtj^) 


Let  L  =  td  -  ti.  Since  there  can  be  no  idle  time  in  [ti,  td],  and  since  a  task  failed  at  td.  it 
follows  that  >  td-  ti,  and  hence  >  L.  Therefore, 


L 


The  earliest  phase  h  of  task  7j  can  be  scheduled  is  5,7,  time  units  after  7,  is  invoked. 
Therefore,  since  7,  was  in  A2,  it  follows  that  p,  -  5,7,  >  td  -  ti.  Moreover,  since  phase  h  of 
task  Ti  had  an  execution  deadline  less  than  or  equal  to  td,  we  have  td-ti>  Pr^  and  hence 
Pi  -  5,7,  >  L>  Pr^.  Therefore  the  above  inequality  contradicts  the  fact  that  condition  (2)  was 
assumed  to  be  true. 


Case  2b:  The  phase  of  task  7;  scheduled  at  time  f,  has  an  execution  deadline  greater  than 


time  td- 
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Let  to  >  ti  be  the  later  of  the  end  of  the  last  idle  period  in  [r„  td]  or  the  time  the  h‘^  phase  of 
task  r,  last  stops  execution  prior  to  td.  The  analysis  of  Case  1  can  be  applied  directly  to  the 
interval  [to,  td]  to  reach  a  contradiction  of  condition  (1). 

This  concludes  Case  2.  We  have  shown  that  in  all  cases,  if  the  generalized  EDF/DDM 
scheduling  algorithm  fails,  then  either  condition  (1)  or  condition  (2)  of  Theorem  4.1  must 
have  been  violated.  This  proves  the  theorem.  □ 

Theorem  4,4:  With  respect  to  the  class  of  scheduling  algorithms  that  do  not  use  insened 
idle  time,  the  generalized  EDF/DDM  discipline  is  an  optimal  discipline  for  scheduling  a  set 
of  multiple  phase  sporadic  tasks  that  share  a  set  of  serially  reusable,  single  unit  resources. 

Proof:  The  proof  follows  immediately  from  Theorems  4.1  and  4.3.  n 

5 .  Discussion 

In  this  section  we  present  an  Oimpn)  algorithm  for  deciding  if  a  set  of  tasks  is  feasible 
where  pn  is  the  period  of  the  “largest”  task  and  m  is  the  number  of  shared  resources  in  the 
system.  In  addition  we  revisit  some  of  the  assumptions  and  restrictions  present  in  the 
system  model  of  Section  2.  Having  proved  necessary  and  sufficient  conditions  for 
feasibility,  we  can  provide  additional  motivation  for  our  specific  choice  of  tasking  and 
resource  model,  our  emphasis  on  scheduling  without  inserted  idle  time,  and  the  necessity 
of  a  pessimistic  scheduling  discipline.  Lastly,  we  discuss  some  issues  concerning  the 
implementation  of  our  system  model. 

5.1  The  Complexity  of  Deciding  Feasibility 

Conditions  (1)  and  (2)  of  Theorem  4.1  can  be  used  as  the  basis  of  a  decision  procedure  for 
deciding  the  feasibility  of  a  set  of  sporadic  tasks  that  share  a  set  of  serially  reusable,  single 
unit  resources.  By  Theorems  4.3  and  4.4,  a  set  of  tasks  will  be  feasible  if  and  only  if  they 
satisfy  conditions  'i)  and  (2).  A  set  of  tasks  can  be  described  with  inputs. 

Deciding  if  condition  (1)  holds  is  straightforward  and  can  be  performed  in  time  linear  in  the 
number  of  inputs.  As  described  next,  we  can  determine  if  a  set  of  sporadic  tasks  satisfy 
condition  (2)  in  time  O(mpn).  Note  that  for  all  tasks  7„  the  maximum  computational  cost 
of  the  task  is  at  least  as  big  as  the  number  of  phases  in  the  task,  i.e.,  >  n,.  Therefore, 

for  task  sets  of  size  n  that  satisfy  condition  (1) 
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Pn  ^  ^  I?-!".' 


A  set  of  sporadic  tasks  can  be  tested  against  condition  (2)  in  time  O(mpn),  as  follows.  Let 


m  = 


Intuitively,  /(L)  is  the  achievable  processor  demand  in  the  interval  [0,  Z^l]  when  all  tasks 
are  released  at  time  zero.  To  test  condition  (2)  we  restrict  our  attention  to  values  of  L 
between  pi  and  To  compute  /(L)  for  all  L,  p;  <  L  <  initialize  an  array  of  integers  .4 
of  size  pn  to  zero.  For  each  task  T k,  \  k  <  n,  add  Ek  to  location  j  of  array  A  for  all  j  that 
are  multiples  of  p^.  At  the  completion  of  this  process  the  sum  of  the  fu-st  I  -  1  locations  of 
A  will  be  /(/).^  Using  this  method,  the  total  time  required  for  the  computation  of  fiL)  for 
all  L,p;  <  L  <  p„,  is  0(pn)  plus  the  time  required  to  compute  the  F,  plus  the  maximum 
number  of  task  invocations  that  must  complete  execution  before  time  Pn  -  1  when  all  tasks 
are  released  at  time  zero.  If  a  set  of  tasks  satisfies  condition  (1)  then  the  second  and  third 
terms  can  be  at  most  p„.  Therefore  the  time  required  to  compute  fiL)  for  all  L.  p/  <  L  < 
Pn,  is  Oipn).  Note  that  if  /  <  pi,  for  some  task  7,,  then 


For  each  shared  resource  R,  let 

Mr(p}  =  min  (  L  -  /(L) ) . 

P,f<L<p 


Intuitively,  Mpip)  is  the  minimum  amount  of  time  the  processor  will  have  been  idle  in  the 
interval  [0,  L-1],  for  all  L  <  p,  if  all  tasks  with  periods  less  than  p  are  released  at  time  zero 
(and  all  tasks  with  period  greater  than  or  equal  to  p  are  released  at  or  after  time  p).  For  a 
resource  R,  the  time  required  for  computing  M/?(p)  for  all  p,  7^  <  p  <  Pn,  is  Oipn).  If  there 
are  m  resources  in  the  system  then  the  total  time  required  to  compute  M pip)  for  all 
resources  in  the  system  is  0(mp„).  A  set  of  tasks  will  satisfy  condition  (2)  if  and  only  if 
for  each  task  :,  \  <  i  <  n,  and  each  phase  k,\<k<  m,  Mr^fpi  -  S,k)  ^  Cik-  Given  Mpip) 
for  all  R  and  for  all  p,Pp  <p  < p„,  this  final  determination  can  be  made  in  time 


^  Note  that  the  array  A  need  only  be  of  size  p,  -  pj  since  for  all  /,  0  <  /  <  p,.  /(/)  =  0.  However,  this 
optimization  does  not  effect  the  time  complexity  of  the  computation. 
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Therefore,  the  time  required  to  the  decide  feasibility  of  a  set  of  sporadic  tasks  is  dominated 
by  the  time  required  to  compute  Mr(p)  for  all  resources  /?;  namely  O(mpn).  Variations  ot 
this  algorithm  are  discussed  in  [Jeffay  et  al.  90], 

Note  that  the  time  complexity  depends  on  the  value  of  one  of  the  inputs.  Since  the  size  of 
an  input  cannot  be  expressed  as  a  polynomial  in  the  length  of  the  input,  our  decision 
procedure  is  a  pseudo-polynomial  time  algorithm  [Garey  &  Johnson  79].  However,  this 
does  not  necessarily  imply  intractability  in  practice.  For  any  bound  on  the  size  of  the 
inputs,  our  algorithm  is  polynomial  in  this  bound.  Therefore,  if  we  impose  an  upper 
bound  on  the  size  of  the  inputs,  say  2*^,  then  the  decision  procedure  is  polynomial  for 
these  restricted  problems.  For  descriptions  of  task  sets  that  are  most  likely  to  be 
encountered  in  practice,  one  can  efficiently  determine  the  feasibility  of  the  tasks. 

Parameters  for  the  decision  procedure  such  as  task  periods  are  typically  specified  as  part  of 
the  system  design  or  are  derivable  from  an  examination  of  the  execution  environment. 
Minimum  and  maximum  phase  execution  times  can  be  computed  by  hand  or  by  automated 
tools.  For  example,  a  compiler  that  emits  minimum  and  maximum  execution  times  for 
source  language  level  constructs  (e.g.,  procedures,  statements,  expressions)  has  been 
reported  by  Park  and  Shaw  [Park  &  Shaw  90]. 

5,2  Optimistic  Versus  Pessimistic  Scheduling 

In  Section  2  we  derived  the  DDM  rule  for  dynamically  modifying  the  deadline  for  an 
invocation  of  a  resource  requesting  task.  This  rule  was  introduced  to  ensure  that  blocked 
tasks  become  unblocked  (ready)  as  soon  as  possible.  The  DDM  rule  is  pessimistic  in  the 
sense  that  it  requires  all  invocations  of  resource  requesting  tasks  to  execute  with  a 
potentially  modified  deadline  independently  of  whether  or  not  any  blocking  has,  or  will, 
actually  occur.  Furthermore,  if  an  invocation  of  a  resource  requesting  task  is  assigned  a 
new  deadline  after  commencing  execution,  the  DDM  rule  is  pessimistic  in  the  choice  of  the 
new  deadline.  By  assigning  a  new  deadline  that  is  a  function  of  Pj,  for  the  appropriate 
value  of  j,  the  DDM  rule  is  in  effect  assuming  that  if  a  task  will  become  blocked  it  will  be 
the  smallest  task  that  shares  a  resource  with  the  blocking  task.  Although  it  was 
demonstrated  that  the  DDM  rule  lead  to  an  optimal  scheduling  discipline,  it  is  instructive  to 
examine  some  of  the  pitfalls  of  a  more  optimistic  scheduling  strategy. 

A  more  optimistic  approach  to  scheduling  would  be  to  modify  the  deadline  of  a  resource 
requesting  task  only  when  an  invocation  of  the  task  actually  blocks  some  other  task  and  in 
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addition  have  the  new  deadline  be  a  function  of  the  period  of  the  blocked  task  (e.g..  see 
[Jeffay  89b]).  For  example,  in  the  single  phase  case,  when  a  resource  requesting  task  7;  is 
invoked  at  time  tr.  the  invocation  should  have  an  initial  deadline  equal  to  t  +  p,  as  before. 
Let  ts  be  the  time  this  invocation  of  task  7,  commences  execution  and  let  tc  be  the  time  it 
terminates.  If  at  time  l\  ts  <  t'  <  tc,  an  invocation  of  some  other  task  Tj  becomes  blocked 
by  7„  then  at  time  t'  the  deadline  of  T,  should  be  advanced  to  time  MIN(tr  +  Pi,  t'  •+■  Pj)- 
For  example,  consider  the  following  (feasible)  set  of  single  phase  tasks:  (recall  7  =  {release 
time,  {minimum  cost,  maximum  cost,  resource),  period)) 

r-  {  7;  =(2,(1,  1,  1),3) 

72  =  (1,(2,  2,  0),7) 

7j  =  (0,  (3,  3.  1),10)  ). 

Figure  5.1  shows  the  execution  of  these  tasks  under  the  optimistic  scheduling  policy 
outlined  above.  (For  comparison.  Figure  5.2  shows  the  execution  of  the  tasks  under  the 
EDF/DDM  scheduling  discipline.)  Initially  task  7j  is  scheduled.  At  time  1  the  EDF/DD,\I 
policy  would  assign  task  7j  an  execurion  deadline  of  time  1  +  Pj  =4.  Under  the  proposed 
optimistic  policy,  since  no  task  is  actually  blocked  at  time  1,  task  7j  would  retain  its 
original  deadline  of  time  10.  Therefore,  since  task  T2  is  initially  invoked  at  rime  1  and  has 
a  deadline  at  time  8,  the  optimistic  policy  would  allow  task  Ti  to  preempt  task  7j  at  time  1 
since  Ti  has  the  earliest  deadline  at  time  1.  Task  7y  is  immediately  blocked  when  it  is 
invoked  at  time  2  since  it  requires  the  resource  held  by  task  7j.  At  this  point  the  optimistic 
policy  would  assign  task  7j  a  deadline  of  time  2  +  py  =  5;  enabling  7j  to  preempt  the 
currently  executing  task.  This  results  in  the  initial  invocations  of  all  tasks  to  complete 
execution  before  their  deadlines. 

This  example  suggests  that  the  optimistic  policy  we  have  proposed  is  at  least  as  good  as  the 
pessimistic  EDF/DDM  policy.  It  turns  out  that  this  is  not  the  case.  To  see  that  the 
pessimistic  deadline  modification  rule  is  indeed  warranted,  consider  the  following  set  of 
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single  phase  tasks  that  share  resource  R j  and  R2'- 

T=  {  T;  =(3,(1,  1,  1),4) 

T2  =  (2,  (2,  2,  2),  6) 

Tj  =  (1,  (3,  3,  1),15) 
r4  =  (0,  (3,  3,  2),  17)}. 

Figure  5.3  depicts  a  simulation  of  an  EDF  scheduling  discipline  with  the  optimistic  deadline 
modification  strategy.  When  tasks  T4  and  T3  are  invoked  they  will  have  deadlines  at  time 
17  and  16  respectively.  Task  T4  will  execute  until  time  one  at  which  point  it  will  be 
preempted  and  task  T3  will  be  scheduled.  At  time  2  an  invocation  of  task  T2  has  the  nearest 
deadline  but  is  blocked  by  the  uncompleted  invocation  of  task  74.  Therefore,  at  time  2  task 
T4  is  assigned  a  new  deadline  of  time  2  +  p2  =  8.  This  causes  task  T4  to  resume  execution 
at  time  2.  Similarly,  since  task  Tj  becomes  blocked  by  task  T3  at  time  3,  at  time  3  the 
invocation  of  task  T3  made  at  time  1  is  assigned  a  new  deadline  of  time  3  +  pi  =1 3it  time 
3.  This  causes  task  T3  to  resume  execution  at  time  3.  Eventually  task  T2  misses  a  deadline 
at  time  8. 


However,  this  task  set  is  feasible  as  it  satisfies  both  conditions  (1)  and  (2)  of  Theorem  3.2. 
Figure  5.4  shows  the  effect  of  scheduling  this  task  set  according  to  the  EDF/DDM 
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Figure  5.4 

discipline.  Note  that  the  execution  of  these  tasks  is  non-preemptive.  The  reason  for  the 
failure  of  the  more  optimistic  policy  can  be  seen  by  revisiting  the  construction  used  in  the 
proof  of  Theorem  3.2  to  demonstrate  the  necessity  of  condition  (2)  for  the  feasibility  of  .i 
set  of  single  phase  tasks.  Condition  (2)  describes  a  least  upper  bound  on  the  achievable 
processor  demand  for  an  interval  I  of  length  L  that  is  contained  within  the  invocation 
interval  of  a  resource  requesting  task  T/.  The  key  observation  is  that  this  bound  contains 
the  computational  cost  of  only  a  single  invocation  of  a  single  task  (namely  task  7,)  that  can 
not  be  wholly  contained  within  the  interval  /  (see  Figure  3.2).  That  is,  in  the  worst  case 
there  exists  only  one  task  invocation  not  contained  within  the  interval  /  that  mas:  be 
completed  within  /.  Theorem  3.4  has  shown  that  this  scenario  is  indeed  the  worst  case  one 
need  consider. 

The  optimistic  deadline  modification  strategy  outlined  above  is  inferior  because  it  admits  the 
computational  cost  of  more  than  one  task  with  an  invocation  interval  not  wholly  contained 
within  the  interval  /  into  the  processor  demand  for  this  interval.  In  the  example  above, 
consider  the  interval  /  =  [0,8]  contained  within  an  invocation  interval  of  the  resource 
requesting  task  T4.  Under  an  optimistic  deadline  modification  strategy,  invocations  of  both 
tasks  Tj  and  T4  must  be  completed  within  the  interval  I.  Under  the  pessimistic  deadline 
modification  strategy  only  an  invocation  of  task  T4  must  be  completed  within  the  interval  /. 
For  this  interval  of  length  L  =  8,  the  processor  demand  is  higher  under  the  optimistic 
deadline  modification  strategy  than  under  the  pessimistic  strategy.  Any  scheduling  policy 
that  allows  the  processor  demand  within  the  invocation  interval  of  a  task,  to  exceed  the 
bound  given  by  condition  (2)  will  necessarily  be  non-optimal.  The  optimistic  deadline 
modification  strategy  fails  in  the  second  example  for  precisely  this  reason.  Therefore, 
although  the  EDF/DDM  discipline  always  schedules  resource  requesting  tasks  as  if  the 
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smallest  competing  task  becomes  blocked  immediately  after  any  resource  requesting  task 
commences  execution,  such  an  approach  is  indeed  necessary. 


5.3  Feasibility  Versus  Processor  Utilization 

Condition  (1)  of  Theorems  3.2  and  4.1  requires  that  the  cumulative  utilization  of  a  set  of 
tasks  not  overload  the  processor.  It  is  important  to  note  that  this  is  the  only  feasibility 
condition  that  constrains  the  achievable  utilization  of  a  real-time  task  set.  Although 
condition  (2)  of  these  theorems  constrains  the  achievable  utilization  over  a  relatively  shon 
and  well-defined  set  of  intervals,  it  does  not  constrain  the  overall  processor  utilization.  The 
feasibility  of  a  set  of  sporadic  tasks  that  share  a  set  of  resources  is  not  a  function  of 
processor  utilization  (to  the  extent  that  the  tasks  do  not  overload  the  processor).  It  is 
possible  to  conceive  of  both  feasible  task  sets  that  have  a  processor  utilization  of  1 .0.  and 
infeasible  task  sets  that  have  arbitrarily  small  processor  utilization. 


The  implication  of  this  is  that  manipulating  infeasible  task  sets  according  to  such  '‘rules-of- 
ihumb”  as  lowering  the  overall  processor  utilization  will  not  necessarily  yield  a  feasible  task 
set.  For  example,  one  approach  to  scheduling  tasks  that  share  resources  has  been  to  reduce 
the  analysis  of  a  set  of  periodic  tasks  with  preemption  or  mutual  exclusion  constraints  to  the 
analysis  of  a  set  of  periodic  tasks  without  such  constraints  [Mok  et  al.  87,  Sha  et  al.  90]. 
In  this  manner,  the  results  developed  for  independent  periodic  tasks  can  be  applied.  For 
periodic  tasks  with  no  preemption  constraints,  the  conditions  that  are  necessary  and 
sufficient  for  guaranteeing  response  times  are  stated  in  terms  of  the  processor  utilization  of 
the  system.  Tasks  with  no  preemption  constraints  can  be  scheduled  if 


where  the  value  of  a,  0  <  a  <  I,  varies  according  to  the  problem  statement  [Liu  &  Lay  land 
73]  For  our  purposes  we  can  consider  a  to  be  a  constant.  (In  our  analysis  we  had  a  =  1 .) 
The  reductions  from  the  constrained  task  system  to  the  independent  task  system  typically 
impose  further  restrictions  on  the  utilization  of  the  system.  A  common  form  for  the 
schedulability  conditions  for  task  sets  with  preemption  constraints  is  U  <  a-B,  where  B 
is  a  function  of  the  durations  for  which  tasks  in  the  system  can  be  blocked  [Leinbaugh  80, 
Stoyenko  87,  Mok  et  al.  87,  Sha  et  al.  90].  The  reduction  process  results  in  conditions  that 
are  sufficient  for  ensuring  the  correctness  of  a  set  of  tasks  but  that  are  not  necessary.  In 
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effect,  these  methocis  are  sacrificing  processor  utilization  to  gain  schedulability.  Our  work 
demonstrates  that,  in  principle,  one  need  not  make  such  a  trade-off. 

5.4  Scheduling  Periodic  Tasks  and  Scheduling  With  Inserted  Idle  Time 

Although  we  have  focused  on  modeling  a  real-time  systems  as  a  set  of  sporadic  tasks,  a 
more  common  approach  is  to  view  a  real-time  systems  as  a  set  of  periodic  tasks  [Mok  83]. 
A  periodic  task  is  the  special  case  of  a  sporadic  task  obtained  when  a  sporadic  task  is 
invoked  every  p  time  units  after  it  is  released  (where  p  is  the  period  of  the  sporadic  task). 
The  conditions  sufficient  for  a  set  of  sporadic  tasks  to  be  feasible  will  therefore  be 
sufficient  condirions  for  ensuring  the  feasibility  of  a  set  of  periodic  tasks.  Indeed  the 
generalized  EDF/DDM  scheduling  discipline  will  correctly  schedule  a  set  of  periodic  tasks 
that  share  a  set  of  serially  reusable,  single  unit  resources  if  the  conditions  of  Theorem  4. 1 
hold.  These  conditions  are,  however,  not  necessary  for  the  feasibility  of  a  set  ot  periodic 
tasks.  That  is,  the  generalized  EDF/DDM  scheduling  discipline  is  not  an  optimal  algorithm 
for  scheduling  periodic  tasks  that  share  resources.  For  the  simplest  form  of  mutual 
exclusion  constraints  (i-C.,  a  non-preemptive  system),  the  problem  of  determining 
necessary  conditions  for  the  feasibility  of  a  set  of  periodic  tasks  with  arbitrary  release  times 
is  known  to  be  NP-hard  in  the  strong  sense  (Jeffay  at  al.  90].  Moreover,  if  an  optimal 
algorithm  exists  for  the  non-preempdve  scheduling  of  periodic  tasks  then  P  =  NP  [Jeffay  et 
al.  90].  It  is  for  these  reasons  that  we  have  limited  our  attention  to  sporadic  tasks. 

The  intractability  of  deciding  feasibility  for  a  set  of  periodic  tasks  arises  from  our  inability 
to  efficiently  determine  if  the  processor  demand  given  in  condition  (2)  can  ever  actually 
occur.  That  is,  for  a  set  of  periodic  tasks,  one  cannot  efficiently  determine  if  there  can  exist 
an  interleaving  of  task  invocations  such  that  there  exists  an  interval  of  length  L  in  which  the 
processor  demand  is  given  by  condition  (2).  The  optimality  of  the  results  in  this  paper  are 
primarily  due  to  the  non-determinism  allowed  in  the  behavior  of  a  sporadic  task.  Since 
there  may  exist  an  arbitrarily  long  delay  between  invocations  of  sporadic  tasks,  one  can 
argue  that  there  can  always  exist  an  interval  of  length  L  in  which  a  set  of  sporadic  tasks  will 
realize  the  processor  demand  given  in  condition  (2). 

The  non-determinism  in  the  behavior  of  sporadic  tasks  is  also  responsible  for  consideration 
of  on-line  scheduling  policies.  It  will  not  be  possible  to  generate  a  schedule  off-line  it  the 
invocation  times  of  all  tasks  are  unknown.  For  similar  reasons,  we  have  largely  ignored 
the  investigation  of  scheduling  policies  that  use  inserted  idle  time.  In  order  for  inserted  idle 
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time  to  function  correctly,  it  would  seem  to  require  that  the  scheduler  know  when  tasks  will 
next  be  invoked.  In  general,  this  will  not  be  possible  for  sporadic  tasks. 

5.5  Implementation  Considerations 

The  tasking  model  considered  in  this  paper  can  be  efficiendy  implemented  if  the  EDF/DD.M 
scheduling  discipline  is  employed.  This  is  primarily  due  to  a  property  of  priority  driven 
schedulers.  If  there  are  no  shared  resources  in  a  system  then  tasks  may,  in  principle, 
preempt  one  another  at  arbitrary  points.  In  particular,  when  such  a  set  of  tasks  are 
scheduled  by  an  EDF  scheduling  discipline,  the  schedule  produced  has  the  propeny  that  if 
an  invocation  of  a  task  is  preempted  at  some  time  tp  and  resumed  at  some  later  time  tr,  all 
tasks  that  execute  in  the  interval  [tp,  tr]  execute  to  completion.^  When  EDF  scheduling  is 
used,  this  suggests  a  possible  implementation  strategy  wherein  all  tasks  share  a  single  run¬ 
time  stack. ^  This  implementation  strategy  for  a  real-time  tasking  model  has  been  called 
featherweight  tasks  [Baker  90a].  The  use  of  a  single  stack  can  greatly  improve  memory 
utilization  as  well  as  lower  the  cost  of  dispatching  and  preempting  tasks.  Although  the 
EDF/DDM  scheduling  discipline  dynamically  changes  the  deadline  of  resource  requesting 
tasks,  it  preserves  the  ability  of  a  set  of  tasks  to  be  implemented  using  a  single  stack. 

In  order  to  apply  the  feasibility  conditions  of  Theorem  4.1  in  practice,  one  must  account  for 
the  overhead  of  an  implementation  of  an  EDF/DDM  scheduler.  Throughout  this  paper  we 
have  ignored  the  cost  of  selecting,  dispatching,  and  preempting  a  task.  If  the  scheduling 
priority  of  tasks  changes  over  time,  as  is  the  case  in  EDF/DDM  scheduling,  one  of  the  most 
difficult  implementation  costs  to  appropriately  quantify  is  the  cost  of  preempting  a  task.  It 
would  therefore  be  useful  to  determine,  for  a  given  set,  if  allowing  preemption  between 
tasks  is  indeed  necessary  for  feasibility.  By  combining  individual  resources  into  resource 
classes,  one  can  represent  a  task  system  with  m  shared  resources,  as  a  system  with  k 
shared  resources,  for  1  <  ^  <  (In  the  context  of  a  concurrent  program  this  amounts  to 
using  a  single  monitor  for  accessing  a  set  of  resources.)  In  this  manner  we  can,  roughly 
speaking,  identify  the  “minimum”  number  of  logical  resources  necessary  for  ensuring  the 
schedulability  of  a  set  of  tasks.  For  example,  when  using  an  EDF/DDM  scheduler,  if  there 
exist  two  resources  R,  and  Rj,  i  ^  j,  such  that  f’,  =  Pj,  then  a  resource  /?,  requesting  task 


*  Assume  the  EDF  scheduler  breaks  Ues  according  to  a  static  priority  assignment  to  tasks. 

^  This  assumes  a  “lightweight”  task  implementation  wherein  all  tasks  execute  within  the  same  address 
space. 
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will  never  preempt  a  resource  Rj  task  (nor  execute  while  such  a  task  is  preempted)  and  vice 
versa.  Therefore,  if  Pi  =  Pj,  one  can  always  treat  resources  /?,  and  Rj  as  a  single  logical 
resource  . 

For  a  given  set  of  resources,  there  is  an  exponential  number  of  possible  resource  classes  to 
consider.  However  in  practice  the  number  of  resources  in  a  system  is  likely  to  be  small  and 
the  process  of  enumerating  and  testing  the  feasibility  of  the  various  modified  problem 
statements  may  be  performed  off-line. 

Even  if  the  number  of  logical  resources  required  for  feasibility  is  close  to  the  number  of 
actual  fesources  in  the  system,  we  believe  that  in  practice  the  number  of  tasks  that  are  able 
to  preempt  other  tasks  will  be  small.  For  example,  note  that  in  each  (admittedly  contrived) 
example  in  this  paper,  the  schedules  produced  by  the  EDF/DDM  scheduling  discipline  have 
been  non-preemptive.  This  is  not  by  accident.  In  the  case  of  single  phase  tasks,  if  P^  <  P, 
then  no  resource  Rj  requesting  task  can  ever  preempt  a  resource  /?,  requesting  task.  This 
implies  that  there  will  always  exist  a  group  of  tasks  that  may  never  preempt  any  resource 
requesting  task.  Furthermore,  since  a  task  Tk  may  preempt  a  resource  Ri  requesting  task 
only  if  pk  <  Pi,  Tk  can  either  preempt  every  resource  /?,•  requesting  task  or  it  cannot 
preempt  any  such  task.  Based  on  these  observations  and  our  experience  with  applying  the 
EDF/DDM  discipline  to  actual  task  sets,  we  conjecture  that  if  preemption  among  tasks  is 
required  for  feasibility,  it  will  be  limited  to  a  few  tasks.  For  these  tasks  one  may  account 
for  the  cost  of  preemption  by  inflating  their  cost  parameter  c  to  include  the  cost  of 
preempting  a  task.  Further  experience  with  constructing  systems  according  to  the  model  of 
Section  2  is  clearly  needed. 

5.6  Other  Paradigms  of  Resource  Usage 

Throughout  this  work  we  have  assumed  that  tasks  require  at  most  one  resource  per  phase 
and  that  phases  are  statically  ordered.  The  latter  restriction  can  be  mitigated  to  a  limited 
extent  by  judicious  use  of  minimum  phase  execution  time  cost  parameter  c.  A  zero  value 
for  the  minimum  cost  can  be  used  to  model  simple  branching  logic  that  controls  the  order  of 
phase  execution.  An  alternate  approach  described  by  Stoyenko  is  to  explicitly  test  the 
feasibility  of  all  possible  interleavings  of  task  invocations  for  all  possible  phase  orderings 
[Stoyenko  87].  We  have  chosen  to  restrict  the  programming  model  in  order  to  ensure  a 
simple  test  for  feasibility. 

The  restriction  that  phases  require  at  most  one  resource  is  certainly  unrealistic  for  real-time 
systems  such  as  in  transaction  systems  where  phases  may  require  multiple  resources 
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simultaneously.  Recall  that  the  initial  motivation  for  our  consideration  of  a  single  resource 
per  phase  arose  from  the  use  of  monitors  in  concurrent  programming  languages.  In  this 
conte.xt  we  have  operationally  defined  a  resource  as  a  monitor.  The  use  of  multiple 
resources  simultaneously  by  a  task  corresponds  to  the  “nested  monitor  problem”  in  the 
concurrent  programming  literature  [Haddon  77,  Lister  77].  Largely  because  of  the 
problems  associated  with  deadlock,  many  popular  concurrent  programming  languages  such 
as  Modula^,  Mesa,  and  Concurrent  Euclid  do  not  allow  nested  monitor  calls  [Winh  77, 
Lampson  &  Redell  80,  Holt  83].  We  have  therefore  not  been  motivated  to  consider  phases 
that  require  multiple  resources  simultaneously.  From  a  pragmatic  standpoint,  if  in  practice 
it  is  the  case  that  the  number  of  tasks  that  can  preempt  one  another  is  indeed  small,  as 
conjectured  in  Section  5.3,  then  we  would  argue  that  there  is  little  to  be  gained  by 
investigating  more  complex  models  of  shared  resources.  It  would  be  better  to  simply 
consider  the  resources  that  a  phase  requires  simultaneously  as  a  single  logical  resource. 
This  reduces  the  problem  to  the  one  considered  in  this  paper. 

From  our  perspective,  a  more  interesting  inodel  to  study  is  one  that  relaxes  the  mutual 
exclusion  constraints  on  the  access  to  resources.  In  this  work  resources  have  been  required 
to  be  accessed  in  a  mutually  exclusive  manner.  Other  models  of  models  of  exclusion,  such 
as  readers/writers,  warrant  consideration.  We  plan  to  investigate  such  problems  in  the 
future. 

6.  Summary  and  Conclusions 

We  have  presented  a  model  of  a  real-time  system  consisting  of  a  set  of  sporadic  tasks  that 
share  a  set  of  serially  reusable,  single  unit  resources.  Sporadic  tasks  are  a  generalization  of 
periodic  tasks  and  are  well-suited  for  representing  event  driven  processes.  Tasks  are 
composed  of  a  sequence  of  phases.  Each  phase  is  a  contiguous  sequence  of  statements  that 
possibly  require  exclusive  access  to  a  resource.  Resources  are  shared  software  objects, 
such  as  data  structures.  Our  treatment  of  resources  has  been  motivated  by  the  use  of 
monitors  in  contemporary  concurrent  programming  languages. 

For  an  arbitrary  instance  of  the  model  the  goal  is  to  determine  if  it  is  possible  to  schedule 
the  tasks  on  a  single  processor  such  that: 


^  Modula  allows  lexically  nested  monitors,  however,  this  is  compatible  with  our  one  resource  per  phase 
paradigm. 
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•  no  task  fails  (every  invocation  of  every  task  completes  execution  at  or 
before  the  end  of  its  invocation  interval)  and 

•  each  instance  of  each  resource  requesting  phase  has  exclusive  access  to  the 
resource  it  requires  for  the  duration  of  the  phase. 

We  have  identified  conditions  that  are  both  necessary  and  sufficient  for  scheduling  a  set  of 
tasks  without  the  use  of  inserted  idle  time.  Moreover,  with  respect  to  the  class  of 
algorithms  that  do  not  use  inserted  idle  time,  we  have  developed  an  optimal  algorithm  for 
scheduling  sporadic  tasks  that  share  resources.  This  algorithm,  called  the  earliest  deadline 
first  with  dynamic  deadline  modification  (EDF/DDM)  algorithm,  is  an  extension  to  the 
well-known  EDF  algorithm.  Under  an  EDF/DDM  scheduler,  tasks  that  require  exclusive 
access  to  resources  have  two  types  of  deadlines:  a  contending  deadline  for  the  initial 
acquisition  of  the  processor,  and  an  execution  deadline  for  subsequent  execution.  The 
EDF/DDM  policy  ensure  that  tasks  that  become  blocked  due  to  mutual  exclusion  constraints 
are  resumed  as  soon  as  possible.  This  policy  is  pessimistic  in  the  sense  that  it  always 
assumes  the  act  of  scheduling  a  resource  requesting  task  will  result  in  a  competing  task 
becoming  blocked.  Our  analysis  has  demonstrated  that  this  pessimistic  approach  is 
warranted. 
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